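/**
 * Returns the HMAC-SHA256 instance keyed with the server's token generation key,
 * creating it on first use and caching it in the {@code mac} field.
 *
 * <p>The new instance is stored in the field only after {@code init} has succeeded.
 * Assigning the field before {@code init} would leave an unkeyed {@code Mac} cached
 * if keying failed, and every later call would hand that unusable object back.
 *
 * <p>NOTE(review): {@link Mac} objects are stateful and not safe for concurrent use,
 * and this lazy initialisation is not synchronised. Confirm that callers serialise
 * access to the returned instance.
 *
 * @return the cached, initialised {@code Mac}
 * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} or
 *         {@link InvalidKeyException} when the MAC cannot be created or keyed
 */
private Mac hmac() {
    if (mac != null) {
        return mac;
    }
    try {
        Mac candidate = Mac.getInstance("HmacSHA256");
        // Use a fixed charset so the key bytes do not depend on the JVM's default
        // encoding. For an ASCII key this yields the same bytes as before.
        byte[] keyBytes = goConfigService.serverConfig().getTokenGenerationKey()
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        candidate.init(new SecretKeySpec(keyBytes, "HmacSHA256"));
        // Publish only a fully keyed instance.
        mac = candidate;
        return candidate;
    } catch (NoSuchAlgorithmException | InvalidKeyException e) {
        throw new RuntimeException(e);
    }
}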
/**
 * Rejects a configuration whose {@code tokenGenerationKey} differs from the key this
 * validator has remembered.
 *
 * <p>While no key has been remembered, the incoming key is adopted as the reference.
 * The comparison is skipped entirely when
 * {@code systemEnvironment.enforceServerImmutability()} returns {@code false}, so in
 * that mode a changed key is accepted without error.
 *
 * @param cruiseConfig the configuration being validated
 * @throws RuntimeException if the key differs from the remembered one and server
 *         immutability is enforced
 */
public void validate(CruiseConfig cruiseConfig) {
    String incomingKey = cruiseConfig.server().getTokenGenerationKey();

    // First sighting: remember whatever the configuration currently holds.
    if (tokenGenerationKey == null) {
        tokenGenerationKey = incomingKey;
    }

    // Nothing to compare against yet.
    if (tokenGenerationKey == null) {
        return;
    }
    if (tokenGenerationKey.equals(incomingKey)) {
        return;
    }
    // Consulted only once a real change has been detected.
    if (!systemEnvironment.enforceServerImmutability()) {
        return;
    }

    throw new RuntimeException("The value of 'tokenGenerationKey' cannot be modified while the server is online. If you really want to make this change, you may do so while the server is offline. Please note: updating 'tokenGenerationKey' will invalidate all registration tokens issued to the agents so far.");
}
/**
 * A fresh {@code ServerConfig} has no token generation key. The
 * {@code ensureTokenGenerationKeyExists} method must carry {@code @PostConstruct},
 * and calling it must leave a non-blank key in place.
 */
@Test
public void shouldEnsureTokenGenerationKeyExists() throws Exception {
    ServerConfig config = new ServerConfig();
    assertNull(config.getTokenGenerationKey());

    // The key is expected to be populated by a lifecycle hook, so check the annotation too.
    java.lang.reflect.Method ensureKeyMethod =
            config.getClass().getMethod("ensureTokenGenerationKeyExists");
    assertNotNull(ensureKeyMethod.getAnnotation(PostConstruct.class));

    config.ensureTokenGenerationKeyExists();

    String generatedKey = config.getTokenGenerationKey();
    assertTrue(StringUtils.isNotBlank(generatedKey));
}
}
/**
 * The first validation of a configuration makes the validator remember that
 * configuration's token generation key.
 */
@Test
public void shouldRememberTokenGenerationKeyOnStartup() throws Exception {
    final BasicCruiseConfig startupConfig = GoConfigMother.defaultCruiseConfig();

    tokenGenerationKeyImmutabilityValidator.validate(startupConfig);

    assertThat(
            tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(startupConfig.server().getTokenGenerationKey()));
}
/**
 * Re-validating the same configuration after a change that does not touch the key
 * (here, replacing the security config) must not throw, and the remembered key must
 * still equal the configuration's key.
 */
@Test
public void shouldAllowSaveIfTokenGenerationKeyIsUnChanged() throws Exception {
    final BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();

    // Initial validation records the key.
    tokenGenerationKeyImmutabilityValidator.validate(config);
    assertThat(
            tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(config.server().getTokenGenerationKey()));

    // Change something other than the key, then validate again.
    config.server().useSecurity(new SecurityConfig());
    tokenGenerationKeyImmutabilityValidator.validate(config);
    assertThat(
            tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(config.server().getTokenGenerationKey()));
}
}
/**
 * After one configuration's key has been remembered, validating a second, separately
 * built default configuration is expected to fail with the immutability error.
 *
 * <p>NOTE(review): this relies on each {@code GoConfigMother.defaultCruiseConfig()}
 * carrying a different key and on immutability enforcement being active in the test
 * fixture. Neither is visible in this method, so confirm both against the setup.
 */
@Test
public void shouldErrorOutIfTokenGenerationKeyIsChanged() throws Exception {
    final String expectedMessage = "The value of 'tokenGenerationKey' cannot be modified while the server is online. If you really want to make this change, you may do so while the server is offline. Please note: updating 'tokenGenerationKey' will invalidate all registration tokens issued to the agents so far.";
    final BasicCruiseConfig originalConfig = GoConfigMother.defaultCruiseConfig();

    tokenGenerationKeyImmutabilityValidator.validate(originalConfig);
    assertThat(
            tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(originalConfig.server().getTokenGenerationKey()));

    thrown.expect(RuntimeException.class);
    thrown.expectMessage(expectedMessage);

    // A second default config stands in for an edited configuration.
    tokenGenerationKeyImmutabilityValidator.validate(GoConfigMother.defaultCruiseConfig());
}