forked from projectkudu/kudu
upgrade to .net 4.6, edit webAPI to retrieve/create encrypted master/…
…function keys. Azure/azure-functions-host#662
1 parent
6141363
commit 10edfa7
Showing
40 changed files
with
435 additions
and
60 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
using Newtonsoft.Json; | ||
using Newtonsoft.Json.Linq; | ||
using System; | ||
|
||
namespace Kudu.Core.Functions | ||
{ | ||
public class FunctionSecretsJsonOps : IKeyJsonOps<FunctionSecrets> | ||
{ | ||
public int NumberOfKeysInDefaultFormat | ||
{ | ||
get | ||
{ | ||
return 1; | ||
} | ||
} | ||
|
||
// have the schema related info enclosed in this class | ||
public string GenerateKeyJson(Tuple<string, string>[] keyPair, string functionRt, out string unencryptedKey) | ||
{ | ||
unencryptedKey = keyPair[0].Item1; | ||
if (string.CompareOrdinal(functionRt, Constants.FunctionKeyNewFormat) < 0) | ||
{ | ||
return $"{{\"key\":\"{unencryptedKey}\"}}"; | ||
} | ||
else | ||
{ | ||
return $"{{\"keys\":[{{\"name\":\"default\",\"value\":\"{keyPair[0].Item2}\",\"encrypted\": true }}]}}"; | ||
} | ||
} | ||
|
||
public string GetKeyValueFromJson(string json, out bool isEncrypted) | ||
{ | ||
try | ||
{ | ||
JObject hostJson = JObject.Parse(json); | ||
if (hostJson["key"]?.Type == JTokenType.String) | ||
{ | ||
isEncrypted = false; | ||
return hostJson.Value<string>("key"); | ||
} | ||
else if (hostJson["keys"]?.Type == JTokenType.Array) | ||
{ | ||
JArray keys = hostJson.Value<JArray>("keys"); | ||
if (keys.Count >= 1) | ||
{ | ||
JObject keyObject = (JObject)keys[0]; | ||
for (int i = 1; i < keys.Count; i++) | ||
{ | ||
// start from the second | ||
// if we can't find the key named default, return the 1st key found | ||
if (String.Equals(keys[i].Value<string>("name"), "default")) | ||
{ | ||
keyObject = (JObject)keys[i]; | ||
break; | ||
} | ||
} | ||
isEncrypted = keyObject.Value<bool>("encrypted"); | ||
return keyObject.Value<string>("value"); | ||
} | ||
} | ||
} | ||
catch (JsonException) | ||
{ | ||
// all parse issue ==> format exception | ||
} | ||
throw new FormatException($"Invalid secrets json: {json}"); | ||
} | ||
|
||
public FunctionSecrets GenerateKeyObject(string functionKey, string functionName) | ||
{ | ||
return new FunctionSecrets | ||
{ | ||
Key = functionKey, | ||
TriggerUrl = String.Format(@"https://{0}/api/{1}?code={2}", System.Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME") ?? "localhost", functionName, functionKey) | ||
}; | ||
} | ||
} | ||
} |
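Review bot: The `FormatException` thrown at the end of `GetKeyValueFromJson` embeds the whole secrets file in its message (`$"Invalid secrets json: {json}"`), so any caller that logs the exception or returns its text in an error response would disclose key material; in the legacy format that is the plaintext `key` value. Drop the payload from the message, e.g. `throw new FormatException("Invalid secrets json");`, and leave it to the caller to add non-secret context such as which file failed. The same line appears in `MasterKeyJsonOps.GetKeyValueFromJson` later in this commit. Whether the message reaches a log or a response is not visible here, but exception text should not be treated as private.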
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
using Newtonsoft.Json.Linq; | ||
using System; | ||
|
||
namespace Kudu.Core.Functions | ||
{ | ||
public interface IKeyJsonOps<T> | ||
{ | ||
int NumberOfKeysInDefaultFormat | ||
{ | ||
get; | ||
} | ||
|
||
// key generation is based on run time | ||
string GenerateKeyJson(Tuple<string,string>[] keyPairs, string functionRt, out string unencryptedKey); | ||
|
||
// read existing key file based on the content format, not the run time version | ||
string GetKeyValueFromJson(string json, out bool isEncrypted); | ||
|
||
T GenerateKeyObject(string functionKey, string functionName); | ||
} | ||
} |
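Review bot: `GenerateKeyJson` takes `Tuple<string,string>[]` with no statement of what each item holds, while the implementations in this commit return `Item1` through `unencryptedKey` and write `Item2` next to `"encrypted": true`; swapping the two would store a plaintext key in a file marked as encrypted. Document the contract on the interface, e.g. `// keyPairs[i].Item1 is the plaintext key, Item2 its encrypted form; unencryptedKey returns keyPairs[0].Item1`, or replace the tuple with a small named type. The `using Newtonsoft.Json.Linq;` directive is not used by anything visible in this file.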
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
using Newtonsoft.Json; | ||
|
||
namespace Kudu.Core.Functions | ||
{ | ||
public class MasterKey | ||
{ | ||
[JsonProperty(PropertyName = "masterKey")] | ||
public string Key { get; set; } | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
using Newtonsoft.Json; | ||
using Newtonsoft.Json.Linq; | ||
using System; | ||
|
||
namespace Kudu.Core.Functions | ||
{ | ||
public class MasterKeyJsonOps : IKeyJsonOps<MasterKey> | ||
{ | ||
public int NumberOfKeysInDefaultFormat | ||
{ | ||
get | ||
{ | ||
return 2; // 1 masterkey, 1 functionkey in host.json | ||
} | ||
} | ||
|
||
public string GenerateKeyJson(Tuple<string, string>[] keyPair, string functionRt, out string unencryptedKey) | ||
{ | ||
unencryptedKey = keyPair[0].Item1; | ||
if (string.CompareOrdinal(functionRt, Constants.FunctionKeyNewFormat) < 0) | ||
{ | ||
return $"{{\"masterKey\":\"{unencryptedKey}\",\"functionKey\":\"{keyPair[1].Item1}\"}}"; | ||
} | ||
else | ||
{ | ||
return $"{{\"masterKey\":{{\"name\":\"master\",\"value\":\"{keyPair[0].Item2}\",\"encrypted\": true }},\"functionKeys\":[{{\"name\": \"default\",\"value\": \"{keyPair[1].Item2}\",\"encrypted\": true}}]}}"; | ||
} | ||
} | ||
|
||
public string GetKeyValueFromJson(string json, out bool isEncrypted) | ||
{ | ||
try | ||
{ | ||
JObject hostJson = JObject.Parse(json); | ||
if (hostJson["masterKey"]?.Type == JTokenType.String && hostJson["functionKey"]?.Type == JTokenType.String) | ||
{ | ||
isEncrypted = false; | ||
return hostJson.Value<string>("masterKey"); | ||
} | ||
else if (hostJson["masterKey"]?.Type == JTokenType.Object && hostJson["functionKeys"]?.Type == JTokenType.Array) | ||
{ | ||
JObject keyObject = hostJson.Value<JObject>("masterKey"); | ||
isEncrypted = keyObject.Value<bool>("encrypted"); | ||
return keyObject.Value<string>("value"); | ||
} | ||
} | ||
catch (JsonException) | ||
{ | ||
// all parse issue ==> format exception | ||
} | ||
throw new FormatException($"Invalid secrets json: {json}"); | ||
} | ||
|
||
public MasterKey GenerateKeyObject(string masterKey, string Name) | ||
{ | ||
// name is not used | ||
return new MasterKey { Key = masterKey }; | ||
} | ||
} | ||
} |
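Review bot: `GenerateKeyJson` assembles the secrets file with string interpolation, so a key value containing `"` or `\` would produce invalid JSON or change the document's structure; the values look machine-generated, but nothing in this method enforces that. Building the document with `JObject` (the file already imports `Newtonsoft.Json.Linq`) lets the serializer do the escaping, as sketched below for the new-format branch; the legacy branch and `FunctionSecretsJsonOps.GenerateKeyJson` follow the same pattern. The method also reads `keyPair[1]` without checking the array length against `NumberOfKeysInDefaultFormat`, so a short array fails with an `IndexOutOfRangeException` instead of a clear argument error.

```csharp
public string GenerateKeyJson(Tuple<string, string>[] keyPair, string functionRt, out string unencryptedKey)
{
    // … unchanged: unencryptedKey assignment and legacy-format branch …
    // replaces the interpolated string in the else branch
    var masterKey = new JObject
    {
        ["name"] = "master",
        ["value"] = keyPair[0].Item2,
        ["encrypted"] = true
    };
    var defaultFunctionKey = new JObject
    {
        ["name"] = "default",
        ["value"] = keyPair[1].Item2,
        ["encrypted"] = true
    };
    var document = new JObject
    {
        ["masterKey"] = masterKey,
        ["functionKeys"] = new JArray(defaultFunctionKey)
    };
    return document.ToString(Formatting.None);
```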