diff --git a/src/AWS.Deploy.CLI/Commands/CommandFactory.cs b/src/AWS.Deploy.CLI/Commands/CommandFactory.cs
index d6f6f73bc..16d043681 100644
--- a/src/AWS.Deploy.CLI/Commands/CommandFactory.cs
+++ b/src/AWS.Deploy.CLI/Commands/CommandFactory.cs
@@ -484,7 +484,7 @@ private Command BuildServerModeCommand()
 {
 serverModeCommand.Add(new Option(new[] { "--port" }, description: "Port the server mode will listen to."));
 serverModeCommand.Add(new Option(new[] { "--parent-pid" }, description: "The ID of the process that is launching server mode. Server mode will exit when the parent pid terminates."));
- serverModeCommand.Add(new Option(new[] { "--encryption-keyinfo-stdin" }, description: "If set the cli reads encryption key info from stdin to use for decryption."));
+ serverModeCommand.Add(new Option(new[] { "--unsecure-mode" }, description: "If set the cli uses an unsecure mode without encryption."));
 serverModeCommand.Add(_optionDiagnosticLogging);
 }
@@ -493,7 +493,7 @@ private Command BuildServerModeCommand()
 try
 {
 _toolInteractiveService.Diagnostics = input.Diagnostics;
- var serverMode = new ServerModeCommand(_toolInteractiveService, input.Port, input.ParentPid, input.EncryptionKeyInfoStdIn);
+ var serverMode = new ServerModeCommand(_toolInteractiveService, input.Port, input.ParentPid, input.UnsecureMode);
 await serverMode.ExecuteAsync();
diff --git a/src/AWS.Deploy.CLI/Commands/CommandHandlerInput/ServerModeCommandHandlerInput.cs b/src/AWS.Deploy.CLI/Commands/CommandHandlerInput/ServerModeCommandHandlerInput.cs
index 90203bf98..09d2ad861 100644
--- a/src/AWS.Deploy.CLI/Commands/CommandHandlerInput/ServerModeCommandHandlerInput.cs
+++ b/src/AWS.Deploy.CLI/Commands/CommandHandlerInput/ServerModeCommandHandlerInput.cs
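Review bot: The `--unsecure-mode` description in the @@ -484,7 hunk of CommandFactory.cs does not say what goes unprotected, nor that the default now expects a key on stdin. Wording such as `description: "If set, server mode does not read a symmetric key from stdin and accepts unencrypted requests."` would make the trade-off visible in `--help`. The old `--encryption-keyinfo-stdin` option is removed outright, so a launcher that still passes it will presumably be rejected as an unknown option; keeping it as a deprecated no-op alias for a release would ease the upgrade. BuildServerModeCommand starts and ends outside the hunk.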
@@ -12,7 +12,7 @@ public class ServerModeCommandHandlerInput
 {
 public int Port { get; set; }
 public int ParentPid { get; set; }
- public bool EncryptionKeyInfoStdIn { get; set; }
+ public bool UnsecureMode { get; set; }
 public bool Diagnostics { get; set; }
 }
 }
diff --git a/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs b/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs
index 834e58748..d14b4aa41 100644
--- a/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs
+++ b/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs
@@ -21,14 +21,14 @@ public class ServerModeCommand
 private readonly IToolInteractiveService _interactiveService;
 private readonly int _port;
 private readonly int? _parentPid;
- private readonly bool _encryptionKeyInfoStdIn;
+ private readonly bool _noEncryptionKeyInfo;
- public ServerModeCommand(IToolInteractiveService interactiveService, int port, int? parentPid, bool encryptionKeyInfoStdIn)
+ public ServerModeCommand(IToolInteractiveService interactiveService, int port, int? parentPid, bool noEncryptionKeyInfo)
 {
 _interactiveService = interactiveService;
 _port = port;
 _parentPid = parentPid;
- _encryptionKeyInfoStdIn = encryptionKeyInfoStdIn;
+ _noEncryptionKeyInfo = noEncryptionKeyInfo;
 }
 public async Task ExecuteAsync(CancellationToken cancellationToken = default(CancellationToken))
@@ -85,9 +85,13 @@ private async Task ShutDownHost(IWebHost host, CancellationToken cancellationTok
 private IEncryptionProvider CreateEncryptionProvider()
 {
 IEncryptionProvider encryptionProvider;
- if (_encryptionKeyInfoStdIn)
+ if (_noEncryptionKeyInfo)
 {
- _interactiveService.WriteLine("Waiting on encryption key info from stdin");
+ encryptionProvider = new NoEncryptionProvider();
+ }
+ else
+ {
+ _interactiveService.WriteLine("Waiting on symmetric key from stdin");
 var input = _interactiveService.ReadLine();
 var keyInfo = EncryptionKeyInfo.ParseStdInKeyInfo(input);
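Review bot: The constructor in the @@ -21,14 hunk of ServerModeCommand.cs keeps its fourth parameter as a positional `bool` but inverts its meaning, so any caller not updated in this commit still compiles and silently switches between the encrypted and the unencrypted provider. Passing it by name at the call sites, e.g. `new ServerModeCommand(interactiveService, portNumber, null, noEncryptionKeyInfo: false)`, would make each choice readable in Program.cs and in the test hunks. The name also differs from `UnsecureMode` on the handler input and from the `--unsecure-mode` option; one name for the concept would be easier to follow. A `///` summary on the constructor stating that `true` disables encryption would document the new default.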
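Review bot: The `_noEncryptionKeyInfo` branch in the @@ -85,9 hunk selects `NoEncryptionProvider` without writing anything, while the encrypted path announces "Encryption provider enabled". A line such as `_interactiveService.WriteLine("Warning: server mode is running without encryption");` would leave a trace in the output whenever the flag is set. The default path now blocks on `_interactiveService.ReadLine()` until a line arrives, so a manual launch without the flag waits at this prompt, and no timeout is visible in the hunk. CreateEncryptionProvider continues past the end of this hunk.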
@@ -108,17 +112,13 @@ private IEncryptionProvider CreateEncryptionProvider()
 encryptionProvider = new AesEncryptionProvider(aes);
 break;
 case null:
- throw new InvalidEncryptionKeyInfoException("Missing required \"Version\" property in encryption key info");
+ throw new InvalidEncryptionKeyInfoException("Missing required \"Version\" property in the symmetric key");
 default:
- throw new InvalidEncryptionKeyInfoException($"Unsupported encryption key info {keyInfo.Version}");
+ throw new InvalidEncryptionKeyInfoException($"Unsupported symmetric key {keyInfo.Version}");
 }
 _interactiveService.WriteLine("Encryption provider enabled");
 }
- else
- {
- encryptionProvider = new NoEncryptionProvider();
- }
 return encryptionProvider;
 }
diff --git a/src/AWS.Deploy.CLI/ServerMode/EncryptionKeyInfo.cs b/src/AWS.Deploy.CLI/ServerMode/EncryptionKeyInfo.cs
index 36e04e9f6..82a624955 100644
--- a/src/AWS.Deploy.CLI/ServerMode/EncryptionKeyInfo.cs
+++ b/src/AWS.Deploy.CLI/ServerMode/EncryptionKeyInfo.cs
@@ -22,7 +22,7 @@ public class EncryptionKeyInfo
 public string? Version { get; set; }
 ///
- /// Encryption key base 64 encoded
+ /// Encryption key base 64 encoded
 ///
 public string? Key { get; set; }
@@ -33,15 +33,22 @@ public class EncryptionKeyInfo
 public static EncryptionKeyInfo ParseStdInKeyInfo(string input)
 {
- var json = Encoding.UTF8.GetString(Convert.FromBase64String(input));
- var keyInfo = Newtonsoft.Json.JsonConvert.DeserializeObject(json);
+ try
+ {
+ var json = Encoding.UTF8.GetString(Convert.FromBase64String(input));
+ var keyInfo = Newtonsoft.Json.JsonConvert.DeserializeObject(json);
+
+ if(string.IsNullOrEmpty(keyInfo.Key))
+ {
+ throw new InvalidEncryptionKeyInfoException("The symmetric key is missing a \"Key\" attribute.");
+ }
- if(string.IsNullOrEmpty(keyInfo.Key))
+ return keyInfo;
+ }
+ catch (Exception)
 {
- throw new InvalidEncryptionKeyInfoException("Encryption key info is missing \"Key\" property.");
+ throw new InvalidEncryptionKeyInfoException($"The symmetric key has not been passed to Stdin or is invalid.");
 }
-
- return keyInfo;
 }
 }
 }
diff --git a/src/AWS.Deploy.ServerMode.Client/ServerModeSession.cs b/src/AWS.Deploy.ServerMode.Client/ServerModeSession.cs
index 8898691cc..a33859fe0 100644
--- a/src/AWS.Deploy.ServerMode.Client/ServerModeSession.cs
+++ b/src/AWS.Deploy.ServerMode.Client/ServerModeSession.cs
@@ -137,7 +137,7 @@ public async Task Start(CancellationToken cancellationToken)
 var keyInfoStdin = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(keyInfo)));
- var command = $"{deployToolRoot} server-mode --port {port} --parent-pid {currentProcessId} --encryption-keyinfo-stdin";
+ var command = $"{deployToolRoot} server-mode --port {port} --parent-pid {currentProcessId}";
 var startServerTask = _commandLineWrapper.Run(command, keyInfoStdin);
 _baseUrl = $"http://localhost:{port}";
diff --git a/src/AWS.Deploy.ServerMode.ClientGenerator/Program.cs b/src/AWS.Deploy.ServerMode.ClientGenerator/Program.cs
index b27c30ee6..d6b967b7b 100644
--- a/src/AWS.Deploy.ServerMode.ClientGenerator/Program.cs
+++ b/src/AWS.Deploy.ServerMode.ClientGenerator/Program.cs
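Review bot: The new `catch (Exception)` in ParseStdInKeyInfo also catches the `InvalidEncryptionKeyInfoException` thrown inside the same try block, so the "missing a \"Key\" attribute" message can never reach the caller and every failure reports the generic text. Narrowing the handler to `catch (Exception e) when (!(e is InvalidEncryptionKeyInfoException))` keeps the specific error while still hiding parser details that could echo parts of the key input. The replacement message is an interpolated string with no placeholders, so the `$` can be dropped. `keyInfo` may be null when the decoded JSON is the literal `null`, which currently surfaces only through the catch-all. No test for malformed or empty stdin input is visible in this commit.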
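Review bot: The client in the @@ -137,7 hunk of ServerModeSession.cs now always writes the key to stdin and never passes a flag, which is only correct against a CLI that contains this commit. Per the removed lines in ServerModeCommand.cs, an older CLI started without `--encryption-keyinfo-stdin` selects `NoEncryptionProvider`, so a new client paired with an old tool would talk to a server that has no key, presumably failing in a way that is hard to diagnose. A version check on the tool before `_commandLineWrapper.Run`, or a comment recording the minimum CLI version, would make the dependency explicit. Start begins and ends outside the hunk.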
@@ -15,7 +15,7 @@ static async Task Main(string[] args)
 {
 // Start up the server mode to make the swagger.json file available.
 var portNumber = 5678;
- var serverCommand = new ServerModeCommand(new ConsoleInteractiveServiceImpl(), portNumber, null, false);
+ var serverCommand = new ServerModeCommand(new ConsoleInteractiveServiceImpl(), portNumber, null, true);
 var cancelSource = new CancellationTokenSource();
 _ = serverCommand.ExecuteAsync(cancelSource.Token);
 try
diff --git a/test/AWS.Deploy.CLI.IntegrationTests/ServerModeTests.cs b/test/AWS.Deploy.CLI.IntegrationTests/ServerModeTests.cs
index ef0cd9208..beb178896 100644
--- a/test/AWS.Deploy.CLI.IntegrationTests/ServerModeTests.cs
+++ b/test/AWS.Deploy.CLI.IntegrationTests/ServerModeTests.cs
@@ -68,7 +68,7 @@ public async Task GetRecommendations()
 var portNumber = 4000;
 using var httpClient = ServerModeHttpClientFactory.ConstructHttpClient(ResolveCredentials);
- var serverCommand = new ServerModeCommand(_serviceProvider.GetRequiredService(), portNumber, null, false);
+ var serverCommand = new ServerModeCommand(_serviceProvider.GetRequiredService(), portNumber, null, true);
 var cancelSource = new CancellationTokenSource();
 var serverTask = serverCommand.ExecuteAsync(cancelSource.Token);
@@ -119,7 +119,7 @@ public async Task GetRecommendationsWithEncryptedCredentials()
 await interactiveService.StdInWriter.WriteAsync(keyInfoStdin);
 await interactiveService.StdInWriter.FlushAsync();
- var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, true);
+ var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, false);
 var cancelSource = new CancellationTokenSource();
 var serverTask = serverCommand.ExecuteAsync(cancelSource.Token);
@@ -160,7 +160,7 @@ public async Task WebFargateDeploymentNoConfigChanges()
 var portNumber = 4001;
 using var httpClient = ServerModeHttpClientFactory.ConstructHttpClient(ResolveCredentials);
- var serverCommand = new ServerModeCommand(_serviceProvider.GetRequiredService(), portNumber, null, false);
+ var serverCommand = new ServerModeCommand(_serviceProvider.GetRequiredService(), portNumber, null, true);
 var cancelSource = new CancellationTokenSource();
 var serverTask = serverCommand.ExecuteAsync(cancelSource.Token);
diff --git a/test/AWS.Deploy.CLI.UnitTests/ServerModeAuthTests.cs b/test/AWS.Deploy.CLI.UnitTests/ServerModeAuthTests.cs
index da3ce450d..e5337e9ca 100644
--- a/test/AWS.Deploy.CLI.UnitTests/ServerModeAuthTests.cs
+++ b/test/AWS.Deploy.CLI.UnitTests/ServerModeAuthTests.cs
@@ -211,7 +211,7 @@ public async Task AuthMissingEncryptionInfoVersion()
 await interactiveService.StdInWriter.WriteAsync(keyInfoStdin);
 await interactiveService.StdInWriter.FlushAsync();
- var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, true);
+ var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, false);
 var cancelSource = new CancellationTokenSource();
@@ -230,7 +230,7 @@ public async Task AuthMissingEncryptionInfoVersion()
 }
 Assert.NotNull(actualException);
- Assert.Equal("Missing required \"Version\" property in encryption key info", actualException.Message);
+ Assert.Equal("Missing required \"Version\" property in the symmetric key", actualException.Message);
 }
 [Fact]
@@ -254,7 +254,7 @@ public async Task AuthEncryptionWithInvalidVersion()
 await interactiveService.StdInWriter.WriteAsync(keyInfoStdin);
 await interactiveService.StdInWriter.FlushAsync();
- var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, true);
+ var serverCommand = new ServerModeCommand(interactiveService, portNumber, null, false);
 var cancelSource = new CancellationTokenSource();
@@ -273,7 +273,7 @@ public async Task AuthEncryptionWithInvalidVersion()
 }
 Assert.NotNull(actualException);
- Assert.Equal("Unsupported encryption key info not-valid", actualException.Message);
+ Assert.Equal("Unsupported symmetric key not-valid", actualException.Message);
 }
 [Fact]
diff --git a/test/AWS.Deploy.CLI.UnitTests/ServerModeTests.cs b/test/AWS.Deploy.CLI.UnitTests/ServerModeTests.cs
index 67bea70c9..5018bfcc9 100644
--- a/test/AWS.Deploy.CLI.UnitTests/ServerModeTests.cs
+++ b/test/AWS.Deploy.CLI.UnitTests/ServerModeTests.cs
@@ -17,8 +17,8 @@ public class ServerModeTests
 [Fact]
 public async Task TcpPortIsInUseTest()
 {
- var serverModeCommand1 = new ServerModeCommand(new TestToolInteractiveServiceImpl(), 1234, null, false);
- var serverModeCommand2 = new ServerModeCommand(new TestToolInteractiveServiceImpl(), 1234, null, false);
+ var serverModeCommand1 = new ServerModeCommand(new TestToolInteractiveServiceImpl(), 1234, null, true);
+ var serverModeCommand2 = new ServerModeCommand(new TestToolInteractiveServiceImpl(), 1234, null, true);
 var serverModeTask1 = serverModeCommand1.ExecuteAsync();
 var serverModeTask2 = serverModeCommand2.ExecuteAsync();