
Example 1 with DESCipherProvider

use of com.thoughtworks.go.security.DESCipherProvider in project gocd by gocd.

the class BackupServiceIntegrationTest method shouldPerformConfigBackupForAllConfigFiles.

/**
 * Checks that a server backup produces a {@code config-dir.zip} holding every extra file placed in
 * the config directory, the current config XML, and both cipher key entries.
 *
 * <p>Security-relevant expectation pinned by this test: the top-level {@code cipher} and
 * {@code cipher.aes} entries contain the hex-encoded key bytes returned by the cipher providers,
 * so the archive carries live key material next to the config it protects. The nested
 * {@code some_dir/cipher} file, by contrast, is expected to come back with its on-disk content.
 */
@Test
public void shouldPerformConfigBackupForAllConfigFiles() throws Exception {
    // {relative path, content} pairs written into the config directory before the backup runs.
    final String[][] extraConfigFiles = {
        {"foo", "foo_foo"},
        {"bar", "bar_bar"},
        {"baz", "hazar_bar"},
        {"hello/world/file", "hello world!"},
        {"some_dir/cruise-config.xml", "some-other-cruise-config"},
        {"some_dir/cipher", "some-cipher"},
    };
    try {
        for (String[] entry : extraConfigFiles) {
            createConfigFile(entry[0], entry[1]);
        }

        ServerBackup result = backupService.startBackup(admin);
        assertThat(result.isSuccessful(), is(true));
        assertThat(result.getMessage(), is("Backup was generated successfully."));

        File archive = backedUpFile("config-dir.zip");
        for (String[] entry : extraConfigFiles) {
            // Entry names use the platform separator; a no-op for names without a slash.
            String zipPath = FilenameUtils.separatorsToSystem(entry[0]);
            assertThat(fileContents(archive, zipPath), is(entry[1]));
        }

        // The top-level config and key entries must come from the running server, not from disk.
        assertThat(fileContents(archive, "cruise-config.xml"), is(goConfigService.xml()));
        String expectedDesHex = encodeHexString(new DESCipherProvider(systemEnvironment).getKey());
        String expectedAesHex = encodeHexString(new AESCipherProvider(systemEnvironment).getKey());
        assertThat(fileContents(archive, "cipher"), is(expectedDesHex));
        assertThat(fileContents(archive, "cipher.aes"), is(expectedAesHex));
    } finally {
        deleteConfigFileIfExists("foo", "bar", "baz", "hello", "some_dir");
    }
}
Also used : ServerBackup(com.thoughtworks.go.server.domain.ServerBackup) DESCipherProvider(com.thoughtworks.go.security.DESCipherProvider) AESCipherProvider(com.thoughtworks.go.security.AESCipherProvider) Test(org.junit.jupiter.api.Test)

Example 2 with DESCipherProvider

use of com.thoughtworks.go.security.DESCipherProvider in project gocd by gocd.

the class DirectoryStructureWalker method backupConfig.

/**
 * Writes the config backup archive ({@code CONFIG_BACKUP_ZIP}) into {@code backupDir}.
 *
 * <p>The archive receives, in order: whatever {@link DirectoryStructureWalker} adds for the config
 * directory, the current config XML from {@code goConfigService}, the hex-encoded DES key (only if
 * the DES cipher file exists on disk), and the hex-encoded AES key (always).
 *
 * <p>NOTE(review): the resulting zip holds the server's encryption keys in readable form next to
 * the config whose secrets they protect, so anyone who can read the backup can decrypt those
 * secrets. No permissions are set on the archive here; confirm the backup location is
 * access-restricted and that off-host copies are protected.
 *
 * @param backupDir directory the archive is created in
 * @param backupUpdateListeners listeners told that the config stage of the backup has started
 * @throws IOException if the archive cannot be created or written
 */
private void backupConfig(File backupDir, List<BackupUpdateListener> backupUpdateListeners) throws IOException {
    notifyUpdateToListeners(backupUpdateListeners, BackupProgressStatus.BACKUP_CONFIG);
    String configDirectory = systemEnvironment.getConfigDir();
    File archiveFile = new File(backupDir, CONFIG_BACKUP_ZIP);
    try (ZipOutputStream archive = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(archiveFile)))) {
        File configXml = new File(systemEnvironment.getCruiseConfigFile());
        File desKeyFile = systemEnvironment.getDESCipherFile();
        File aesKeyFile = systemEnvironment.getAESCipherFile();

        // The three files are handed to the walker and then written explicitly below; presumably
        // the walker skips them so they are not added twice (walker not shown here; confirm).
        DirectoryStructureWalker walker =
            new DirectoryStructureWalker(configDirectory, archive, configXml, desKeyFile, aesKeyFile);
        walker.walk();

        // Config content is taken from the service rather than copied from the file on disk.
        archive.putNextEntry(new ZipEntry(configXml.getName()));
        IOUtils.write(goConfigService.xml(), archive, UTF_8);

        // The DES key is optional: it is written only when a DES cipher file is present.
        if (desKeyFile.exists()) {
            archive.putNextEntry(new ZipEntry(desKeyFile.getName()));
            String desKeyHex = encodeHexString(new DESCipherProvider(systemEnvironment).getKey());
            IOUtils.write(desKeyHex, archive, UTF_8);
        }

        // The AES key entry is written unconditionally.
        archive.putNextEntry(new ZipEntry(aesKeyFile.getName()));
        String aesKeyHex = encodeHexString(new AESCipherProvider(systemEnvironment).getKey());
        IOUtils.write(aesKeyHex, archive, UTF_8);
    }
}
Also used : DESCipherProvider(com.thoughtworks.go.security.DESCipherProvider) ZipOutputStream(java.util.zip.ZipOutputStream) ZipEntry(java.util.zip.ZipEntry) AESCipherProvider(com.thoughtworks.go.security.AESCipherProvider) Hex.encodeHexString(org.apache.commons.codec.binary.Hex.encodeHexString)

Example 3 with DESCipherProvider

use of com.thoughtworks.go.security.DESCipherProvider in project gocd by gocd.

the class ConfigCipherUpdater method migrate.

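/**
 * Replaces a known-flawed DES cipher key and re-encrypts the config's secrets under the new key.
 *
 * <p>Returns without doing anything unless the DES cipher file exists and its content equals
 * {@code FLAWED_VALUE}. Otherwise it:
 * <ol>
 *   <li>copies the cipher file and the config file to timestamped {@code .original.} backups;</li>
 *   <li>asks {@link DESCipherProvider} to reset the cipher and reads the new key from disk;</li>
 *   <li>gives up (and deletes both backups) if the new key equals the old one;</li>
 *   <li>re-encrypts every {@code encryptedPassword} / {@code encryptedManagerPassword} attribute
 *       and every {@code encryptedValue} element in the config, then rewrites the config file.</li>
 * </ol>
 *
 * <p>Any exception is logged; if the cipher backup exists, the original cipher file is restored
 * from it, and a failure of that restore is escalated through {@code bomb}.
 *
 * <p>NOTE(review): after a successful run both timestamped backups stay on disk. The config backup
 * still holds the secrets encrypted under the flawed key, so it should be removed or locked down
 * once the migration has been verified.
 *
 * <p>NOTE(review): the failure path restores only the cipher file. If the error occurs while the
 * config file is being rewritten, the config may be left incomplete; the config backup is then the
 * copy to recover from.
 */
public void migrate() {
    File cipherFile = systemEnvironment.getDESCipherFile();
    String timestamp = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(timeProvider.currentTime());
    File backupCipherFile = new File(systemEnvironment.getConfigDir(), "cipher.original." + timestamp);
    File configFile = new File(systemEnvironment.getCruiseConfigFile());
    File backupConfigFile = new File(configFile.getParentFile(), configFile.getName() + ".original." + timestamp);
    try {
        // Only installations still carrying the known flawed key are migrated.
        if (!cipherFile.exists() || !FileUtils.readFileToString(cipherFile, UTF_8).equals(FLAWED_VALUE)) {
            return;
        }
        LOGGER.info("Found unsafe cipher {} on server, Go will make an attempt to rekey", FLAWED_VALUE);

        // Back up both files before anything is modified, so a failure can be undone.
        FileUtils.copyFile(cipherFile, backupCipherFile);
        LOGGER.info("Old cipher was successfully backed up to {}", backupCipherFile.getAbsoluteFile());
        FileUtils.copyFile(configFile, backupConfigFile);
        LOGGER.info("Old config was successfully backed up to {}", backupConfigFile.getAbsoluteFile());

        String oldCipher = FileUtils.readFileToString(backupCipherFile, UTF_8);
        new DESCipherProvider(systemEnvironment).resetCipher();
        String newCipher = FileUtils.readFileToString(cipherFile, UTF_8);
        if (newCipher.equals(oldCipher)) {
            // Nothing changed, so the backups are identical to the live files and can go.
            LOGGER.warn("Unable to generate a new safe cipher. Your cipher is unsafe.");
            FileUtils.deleteQuietly(backupCipherFile);
            FileUtils.deleteQuietly(backupConfigFile);
            return;
        }

        // NOTE(review): SAXBuilder is used with its default settings; if the config file can ever
        // carry content from a less-trusted source, confirm DTD/external-entity handling is restricted.
        Document document = new SAXBuilder().build(configFile);
        List<String> encryptedAttributes = Arrays.asList("encryptedPassword", "encryptedManagerPassword");
        List<String> encryptedNodes = Arrays.asList("encryptedValue");
        XPathFactory xPathFactory = XPathFactory.instance();

        // Secrets stored as attributes, on any element.
        for (String attributeName : encryptedAttributes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//*[@%s]", attributeName), Filters.element());
            List<Element> encryptedPasswordElements = xpathExpression.evaluate(document);
            for (Element element : encryptedPasswordElements) {
                Attribute encryptedPassword = element.getAttribute(attributeName);
                encryptedPassword.setValue(reEncryptUsingNewKey(decodeHex(oldCipher), decodeHex(newCipher), encryptedPassword.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }

        // Secrets stored as element text.
        for (String nodeName : encryptedNodes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//%s", nodeName), Filters.element());
            List<Element> encryptedNode = xpathExpression.evaluate(document);
            for (Element element : encryptedNode) {
                element.setText(reEncryptUsingNewKey(decodeHex(oldCipher), decodeHex(newCipher), element.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }

        try (FileOutputStream fileOutputStream = new FileOutputStream(configFile)) {
            XmlUtils.writeXml(document, fileOutputStream);
        }
        LOGGER.info("Successfully re-encrypted config");
    } catch (Exception e) {
        LOGGER.error("Re-keying of cipher failed with error: [{}]", e.getMessage(), e);
        if (backupCipherFile.exists()) {
            try {
                // Put the old key back so the still-unmigrated config remains decryptable.
                FileUtils.copyFile(backupCipherFile, cipherFile);
            } catch (IOException e1) {
                // Report the restore failure itself (e1); the re-keying error (e) was logged above.
                LOGGER.error("Could not replace the cipher file [{}] with original one [{}], please do so manually. Error: [{}]", cipherFile.getAbsolutePath(), backupCipherFile.getAbsolutePath(), e1.getMessage(), e1);
                bomb(e1);
            }
        }
    }
}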
Also used : DESCipherProvider(com.thoughtworks.go.security.DESCipherProvider) SAXBuilder(org.jdom2.input.SAXBuilder) Attribute(org.jdom2.Attribute) Element(org.jdom2.Element) IOException(java.io.IOException) Document(org.jdom2.Document) CryptoException(com.thoughtworks.go.security.CryptoException) IOException(java.io.IOException) XPathFactory(org.jdom2.xpath.XPathFactory) FileOutputStream(java.io.FileOutputStream) File(java.io.File) SimpleDateFormat(java.text.SimpleDateFormat)

Example 4 with DESCipherProvider

use of com.thoughtworks.go.security.DESCipherProvider in project gocd by gocd.

the class BackupServiceIntegrationTest method setUp.

/**
 * Prepares each backup test: resets config and database helpers, enables security with a single
 * {@code admin} user, clears earlier backups, and builds a {@link BackupService} around a spied
 * system environment.
 *
 * <p>The DES key is captured from the provider before the on-disk {@code cruise-config.xml},
 * {@code cipher} and {@code cipher.aes} files are overwritten with junk. Presumably the junk lets
 * tests show that backups take config and keys from the running server rather than from those
 * files (confirm against the tests that use this fixture).
 */
@BeforeEach
public void setUp() throws Exception {
    configHelper.onSetUp();
    dbHelper.onSetUp();

    // Security is switched on with "admin" as the only administrator.
    admin = new Username(new CaseInsensitiveString("admin"));
    configHelper.enableSecurity();
    configHelper.addAdmins(CaseInsensitiveString.str(admin.getUsername()));
    goConfigDao.forceReload();

    backupsDirectory = new File(artifactsDirHolder.getArtifactsDir(), ServerConfig.SERVER_BACKUPS);
    cleanupBackups();

    // Must happen before the cipher file is overwritten below.
    originalCipher = new DESCipherProvider(systemEnvironment).getKey();

    String configDir = systemEnvironment.getConfigDir();
    FileUtils.writeStringToFile(new File(configDir, "cruise-config.xml"), "invalid crapy config", UTF_8);
    for (String cipherFileName : new String[] {"cipher", "cipher.aes"}) {
        FileUtils.writeStringToFile(new File(configDir, cipherFileName), "invalid crapy cipher", UTF_8);
    }

    // The service under test sees a spy whose wrapper config directory is fixed.
    systemEnvSpy = spy(systemEnvironment);
    when(systemEnvSpy.wrapperConfigDirPath()).thenReturn(Optional.of(WRAPPER_CONFIG_DIR));
    backupService = new BackupService(
        artifactsDirHolder,
        goConfigService,
        timeProvider,
        backupInfoRepository,
        systemEnvSpy,
        configRepository,
        databaseStrategy,
        null);
}
Also used : DESCipherProvider(com.thoughtworks.go.security.DESCipherProvider) Username(com.thoughtworks.go.server.domain.Username) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

DESCipherProvider (com.thoughtworks.go.security.DESCipherProvider)4 AESCipherProvider (com.thoughtworks.go.security.AESCipherProvider)2 CryptoException (com.thoughtworks.go.security.CryptoException)1 ServerBackup (com.thoughtworks.go.server.domain.ServerBackup)1 Username (com.thoughtworks.go.server.domain.Username)1 File (java.io.File)1 FileOutputStream (java.io.FileOutputStream)1 IOException (java.io.IOException)1 SimpleDateFormat (java.text.SimpleDateFormat)1 ZipEntry (java.util.zip.ZipEntry)1 ZipOutputStream (java.util.zip.ZipOutputStream)1 Hex.encodeHexString (org.apache.commons.codec.binary.Hex.encodeHexString)1 Attribute (org.jdom2.Attribute)1 Document (org.jdom2.Document)1 Element (org.jdom2.Element)1 SAXBuilder (org.jdom2.input.SAXBuilder)1 XPathFactory (org.jdom2.xpath.XPathFactory)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 Test (org.junit.jupiter.api.Test)1