Add vault name to secret not found message (#14)
* Add vault name to secret not found message

* Log when certificate not found
timja authored Feb 4, 2019
1 parent d2243ee commit 12060d4
Showing 1 changed file with 45 additions and 32 deletions.
Expand Up @@ -281,43 +281,56 @@ public void setUp(Context context, Run<?, ?> build, FilePath workspace,
valuesToMask.add(bundle.value());
context.env(secret.getEnvVariable(), bundle.value());
} else {
throw new AzureKeyVaultException(String.format("Secret: %s not found", secret.getName()));
throw new AzureKeyVaultException(
String.format(
"Secret: %s not found in vault: %s",
secret.getName(),
getKeyVaultURL()
)
);
}
} else if (secret.isCertificate()) {
// Get Certificate from Keyvault as a Secret
SecretBundle bundle = getSecret(client, secret);
if (bundle == null) {
continue;
}
try {
// Base64 decode the result and use a keystore to parse the key/cert
byte[] bytes = DatatypeConverter.parseBase64Binary(bundle.value());
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new ByteArrayInputStream(bytes), emptyCharArray);

// Extract the key(s) and cert(s) and save them in a *second* keystore
// because the first keystore yields a corrupted PFX when written to disk
KeyStore ks2 = KeyStore.getInstance("PKCS12");
ks2.load(null, null);

for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
String alias = e.nextElement();
Certificate[] chain = ks.getCertificateChain(alias);
Key privateKey = ks.getKey(alias, emptyCharArray);
ks2.setKeyEntry(alias, privateKey, emptyCharArray, chain);
if (bundle != null) {
try {
// Base64 decode the result and use a keystore to parse the key/cert
byte[] bytes = DatatypeConverter.parseBase64Binary(bundle.value());
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new ByteArrayInputStream(bytes), emptyCharArray);

// Extract the key(s) and cert(s) and save them in a *second* keystore
// because the first keystore yields a corrupted PFX when written to disk
KeyStore ks2 = KeyStore.getInstance("PKCS12");
ks2.load(null, null);

for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
String alias = e.nextElement();
Certificate[] chain = ks.getCertificateChain(alias);
Key privateKey = ks.getKey(alias, emptyCharArray);
ks2.setKeyEntry(alias, privateKey, emptyCharArray, chain);
}

// Write PFX to disk on executor, which may be a separate physical system
FilePath outFile = workspace.createTempFile("keyvault", "pfx");
OutputStream outFileStream = outFile.write();
ks2.store(outFileStream, emptyCharArray);
outFileStream.close();
URI uri = outFile.toURI();
valuesToMask.add(uri.getPath());
context.env(secret.getEnvVariable(), uri.getPath());

} catch (Exception e) {
throw new AzureKeyVaultException(e.getMessage(), e);
}

// Write PFX to disk on executor, which may be a separate physical system
FilePath outFile = workspace.createTempFile("keyvault", "pfx");
OutputStream outFileStream = outFile.write();
ks2.store(outFileStream, emptyCharArray);
outFileStream.close();
URI uri = outFile.toURI();
valuesToMask.add(uri.getPath());
context.env(secret.getEnvVariable(), uri.getPath());

} catch (Exception e) {
throw new AzureKeyVaultException(e.getMessage(), e);
} else {
throw new AzureKeyVaultException(
String.format(
"Certificate: %s not found in vault: %s",
secret.getName(),
getKeyVaultURL()
)
);
}
}
}
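Review bot: The PFX written by `ks2.store(outFileStream, emptyCharArray)` lands in the executor's workspace holding the private key under an empty password, and nothing in this hunk restricts the file's permissions or removes it afterwards; cleanup may live in a tearDown outside the hunk, but the file should still be created owner-only, and the stream should be closed on the failure path too, since `outFileStream.close()` is skipped when `store` throws. Wrapping the write in try-with-resources and calling `FilePath.chmod(0600)` after it covers both points without changing the exported path. Separately, the commit description says "Log when certificate not found" while the new `else` branch throws `AzureKeyVaultException`, so a missing certificate that was previously skipped via `continue` now fails the build; if that is intended, the description should say so. The enclosing `setUp` method and its loop begin before this hunk.
```java
// … unchanged: base64 decode, PKCS12 load and ks2 population …
FilePath outFile = workspace.createTempFile("keyvault", "pfx");
try (OutputStream outFileStream = outFile.write()) {
    ks2.store(outFileStream, emptyCharArray);
}
// the PFX carries the private key with an empty password: owner-only on disk
outFile.chmod(0600);
URI uri = outFile.toURI();
// … unchanged: masking and env export …
```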
