public String getValueForDisplay() { if (isSecure) { return getEncryptedValue(); } return value.getValue(); }
CREnvironmentVariable environmentVariableConfigToCREnvironmentVariable(EnvironmentVariableConfig environmentVariableConfig) { if (environmentVariableConfig.isSecure()) { return new CREnvironmentVariable(environmentVariableConfig.getName(), null, environmentVariableConfig.getEncryptedValue()); } else { String value = environmentVariableConfig.getValue(); if(StringUtils.isBlank(value)) value = ""; return new CREnvironmentVariable(environmentVariableConfig.getName(), value); } }
@Test public void shouldEncryptValueWhenChanged() throws CryptoException { GoCipher mockGoCipher = mock(GoCipher.class); String plainText = "password"; String cipherText = "encrypted"; when(mockGoCipher.encrypt(plainText)).thenReturn(cipherText); when(mockGoCipher.decrypt(cipherText)).thenReturn(plainText); EnvironmentVariableConfig environmentVariableConfig = new EnvironmentVariableConfig(mockGoCipher); HashMap firstSubmit = getAttributeMap(plainText, "true", "true"); environmentVariableConfig.setConfigAttributes(firstSubmit); assertThat(environmentVariableConfig.getEncryptedValue(), is(cipherText)); }
@Test public void shouldReturnEncryptedValueForSecureVariables() throws CryptoException { when(goCipher.encrypt("bar")).thenReturn("encrypted"); when(goCipher.decrypt("encrypted")).thenReturn("bar"); EnvironmentVariableConfig environmentVariableConfig = new EnvironmentVariableConfig(goCipher, "foo", "bar", true); assertThat(environmentVariableConfig.getName(), is("foo")); assertThat(environmentVariableConfig.getValue(), is("bar")); assertThat(environmentVariableConfig.getValueForDisplay(), is(environmentVariableConfig.getEncryptedValue())); }
@Test public void shouldEncryptValueWhenConstructedAsSecure() throws CryptoException { GoCipher goCipher = mock(GoCipher.class); String encryptedText = "encrypted"; when(goCipher.encrypt("password")).thenReturn(encryptedText); EnvironmentVariableConfig environmentVariableConfig = new EnvironmentVariableConfig(goCipher); HashMap attrs = getAttributeMap("password", "true", "true"); environmentVariableConfig.setConfigAttributes(attrs); assertThat(environmentVariableConfig.getEncryptedValue(), is(encryptedText)); assertThat(environmentVariableConfig.getName(), is("foo")); assertThat(environmentVariableConfig.isSecure(), is(true)); }
@Test public void shouldCopyEnvironmentVariableConfig() { EnvironmentVariableConfig secureEnvironmentVariable = new EnvironmentVariableConfig(goCipher, "plain_key", "plain_value", true); EnvironmentVariableConfig copy = new EnvironmentVariableConfig(secureEnvironmentVariable); assertThat(copy.getName(), is(secureEnvironmentVariable.getName())); assertThat(copy.getValue(), is(secureEnvironmentVariable.getValue())); assertThat(copy.getEncryptedValue(), is(secureEnvironmentVariable.getEncryptedValue())); assertThat(copy.isSecure(), is(secureEnvironmentVariable.isSecure())); }
@Test public void shouldRetainEncryptedVariableWhenNotEdited() throws CryptoException { GoCipher mockGoCipher = mock(GoCipher.class); String plainText = "password"; String cipherText = "encrypted"; when(mockGoCipher.encrypt(plainText)).thenReturn(cipherText); when(mockGoCipher.decrypt(cipherText)).thenReturn(plainText); when(mockGoCipher.encrypt(cipherText)).thenReturn("SHOULD NOT DO THIS"); EnvironmentVariableConfig environmentVariableConfig = new EnvironmentVariableConfig(mockGoCipher); HashMap firstSubmit = getAttributeMap(plainText, "true", "true"); environmentVariableConfig.setConfigAttributes(firstSubmit); HashMap secondSubmit = getAttributeMap(cipherText, "true", "false"); environmentVariableConfig.setConfigAttributes(secondSubmit); assertThat(environmentVariableConfig.getEncryptedValue(), is(cipherText)); assertThat(environmentVariableConfig.getName(), is("foo")); assertThat(environmentVariableConfig.isSecure(), is(true)); verify(mockGoCipher, never()).encrypt(cipherText); }
@Test public void shouldMigrateEncryptedEnvironmentVariablesWithNewlineAndSpaces_XslMigrationFrom88To90() throws Exception { resetCipher.setupDESCipherFile(); String plainText = "user-password!"; // "user-password!" encrypted using the above key String encryptedValue = "mvcX9yrQsM4iPgm1tDxN1A=="; String encryptedValueWithWhitespaceAndNewline = new StringBuilder(encryptedValue).insert(2, "\r\n" + " ").toString(); String content = configWithPipeline( "<pipeline name='some_pipeline'>" + "<environmentvariables>\n" + " <variable name=\"var_name\" secure=\"true\"><encryptedValue>" + encryptedValueWithWhitespaceAndNewline + "</encryptedValue></variable>\n" + " </environmentvariables>" + " <materials>" + " <svn url='svnurl'/>" + " </materials>" + " <stage name='some_stage'>" + " <jobs>" + " <job name='some_job'>" + " </job>" + " </jobs>" + " </stage>" + "</pipeline>", 88); CruiseConfig config = ConfigMigrator.loadWithMigration(content).config; assertThat(config.allPipelines().get(0).getVariables().get(0).getValue(), is(plainText)); assertThat(config.allPipelines().get(0).getVariables().get(0).getEncryptedValue(), startsWith("AES:")); }
@Test public void shouldAllowAnEnvironmentVariableToBeMarkedAsSecure_WithEncryptedValueInItsOwnTag() throws Exception { String value = "abc"; String encryptedValue = new GoCipher().encrypt(value); String content = configWithPipeline(format( "<pipeline name='some_pipeline'>" + "<environmentvariables>\n" + " <variable name=\"var_name\" secure=\"true\"><encryptedValue>%s</encryptedValue></variable>\n" + " </environmentvariables>" + " <materials>" + " <svn url='svnurl'/>" + " </materials>" + " <stage name='some_stage'>" + " <jobs>" + " <job name='some_job'>" + " </job>" + " </jobs>" + " </stage>" + "</pipeline>", encryptedValue), CONFIG_SCHEMA_VERSION); CruiseConfig config = ConfigMigrator.loadWithMigration(content).config; PipelineConfig pipelineConfig = config.pipelineConfigByName(new CaseInsensitiveString("some_pipeline")); EnvironmentVariablesConfig variables = pipelineConfig.getVariables(); assertThat(variables.size(), is(1)); EnvironmentVariableConfig environmentVariableConfig = variables.get(0); assertThat(environmentVariableConfig.getEncryptedValue(), is(encryptedValue)); assertThat(environmentVariableConfig.isSecure(), is(true)); }
@Test public void shouldAllowAnEnvironmentVariableToBeMarkedAsSecure_WithValueInItsOwnTag() throws Exception { String cipherText = new GoCipher().encrypt("plainText"); String content = configWithPipeline( "<pipeline name='some_pipeline'>" + "<environmentvariables>\n" + " <variable name=\"var_name\" secure=\"true\"><encryptedValue>" + cipherText + "</encryptedValue></variable>\n" + " </environmentvariables>" + " <materials>" + " <svn url='svnurl'/>" + " </materials>" + " <stage name='some_stage'>" + " <jobs>" + " <job name='some_job'>" + " </job>" + " </jobs>" + " </stage>" + "</pipeline>", CONFIG_SCHEMA_VERSION); CruiseConfig config = ConfigMigrator.loadWithMigration(content).config; PipelineConfig pipelineConfig = config.pipelineConfigByName(new CaseInsensitiveString("some_pipeline")); EnvironmentVariablesConfig variables = pipelineConfig.getVariables(); assertThat(variables.size(), is(1)); EnvironmentVariableConfig environmentVariableConfig = variables.get(0); assertThat(environmentVariableConfig.getEncryptedValue(), is(cipherText)); assertThat(environmentVariableConfig.isSecure(), is(true)); }
@Test public void shouldMigrateDESEncryptedEnvironmentVariables_XslMigrationFrom108To109() throws Exception { resetCipher.setupDESCipherFile(); String clearText = "user-password!"; // "user-password!" encrypted using the above key String desEncryptedPassword = "mvcX9yrQsM4iPgm1tDxN1A=="; String content = configWithPipeline( "" + "<pipeline name='some_pipeline'>" + " <environmentvariables>" + " <variable name='var_name' secure='true'>" + " <encryptedValue>" + desEncryptedPassword + "</encryptedValue>" + " </variable>" + " </environmentvariables>" + " <materials>" + " <svn url='svnurl'/>" + " </materials>" + " <stage name='some_stage'>" + " <jobs>" + " <job name='some_job'>" + " </job>" + " </jobs>" + " </stage>" + "</pipeline>", 108); CruiseConfig config = ConfigMigrator.loadWithMigration(content).config; assertThat(config.allPipelines().get(0).getVariables().get(0).getValue(), is(clearText)); String encryptedValue = config.allPipelines().get(0).getVariables().get(0).getEncryptedValue(); assertThat(encryptedValue, startsWith("AES:")); assertThat(new AESEncrypter(new AESCipherProvider(systemEnvironment)).decrypt(encryptedValue), is("user-password!")); }