From 3f31d68eed6fbe11516ca3afe3955c8840a6e974 Mon Sep 17 00:00:00 2001 From: Mitch Denny Date: Sat, 19 Jun 2021 01:57:11 +1000 Subject: [PATCH] Add main to newish ci files (#22380) * Investigate crypto provider issue. * Dump security policy. * Try different path for policy. * Dump JRE folder. * Fix up verify agent OS usage. * Switch to DevOps hosted pool to see if the problem still exists there. * Remove dump JRE folder. * Re-enable test. * Revert "Changed KV cryptography tests to avoid using a hardcoded security provider. (#21703)" This reverts commit aa472e0464ceeaf8455c7e18090477a642eeab44. * Disable secp256k1 curve. * List contents of JDK bin. * List bin folder. * Add code to dump providers. * Fix indentation. * Move test app to after checkout. * Disable sparse checkout. * remove more sparse checkout. * Try a different name for the crypto provider. * Add main to newish CI files. --- eng/pipelines/templates/jobs/ci.tests.yml | 12 +++ .../templates/stages/platform-matrix.json | 4 +- .../steps/initialize-test-environment.yml | 37 ++++----- java-security/demo/pom.xml | 75 +++++++++++++++++++ .../demo/src/main/java/com/example/App.java | 27 +++++++ .../src/test/java/com/example/AppTest.java | 20 +++++ sdk/deviceupdate/ci.yml | 2 + .../cryptography/CryptographyClientTest.java | 73 ++++-------------- sdk/redisenterprise/ci.yml | 2 + sdk/storagecache/ci.yml | 2 + 10 files changed, 177 insertions(+), 77 deletions(-) create mode 100644 java-security/demo/pom.xml create mode 100644 java-security/demo/src/main/java/com/example/App.java create mode 100644 java-security/demo/src/test/java/com/example/AppTest.java diff --git a/eng/pipelines/templates/jobs/ci.tests.yml b/eng/pipelines/templates/jobs/ci.tests.yml index 7f7577079ed06..1e1a1a3c76bf5 100644 --- a/eng/pipelines/templates/jobs/ci.tests.yml +++ b/eng/pipelines/templates/jobs/ci.tests.yml 
@@ -65,6 +65,18 @@ jobs: - template: ../steps/install-reporting-tools.yml + - task: Maven@3 + displayName: 'Print security providers' + inputs: + mavenPomFile: 'java-security/demo/pom.xml' + goals: 'compile exec:java' + javaHomeOption: 'JDKVersion' + jdkVersionOption: '11' + jdkArchitectureOption: 'x64' + options: '-Dexec.mainClass="com.example.App"' + publishJUnitResults: false + + - ${{ parameters.PreTestSteps }} - task: PythonScript@0 diff --git a/eng/pipelines/templates/stages/platform-matrix.json b/eng/pipelines/templates/stages/platform-matrix.json index 039a6683c630d..fc501e70204cd 100644 --- a/eng/pipelines/templates/stages/platform-matrix.json +++ b/eng/pipelines/templates/stages/platform-matrix.json @@ -4,8 +4,8 @@ }, "matrix": { "Agent": { - "ubuntu-18.04": { "OSVmImage": "MMSUbuntu18.04", "Pool": "azsdk-pool-mms-ubuntu-1804-general" }, - "windows-2019": { "OSVmImage": "MMS2019", "Pool": "azsdk-pool-mms-win-2019-general" }, + "ubuntu-18.04": { "OSVmImage": "ubuntu-18.04", "Pool": "Azure Pipelines" }, + "windows-2019": { "OSVmImage": "windows-2019", "Pool": "Azure Pipelines" }, "macOS-10.15": { "OSVmImage": "macOS-10.15", "Pool": "Azure Pipelines" } }, "JavaTestVersion": [ "1.8", "1.11" ], diff --git a/eng/pipelines/templates/steps/initialize-test-environment.yml b/eng/pipelines/templates/steps/initialize-test-environment.yml index a790ac820ec66..9514f21865827 100644 --- a/eng/pipelines/templates/steps/initialize-test-environment.yml +++ b/eng/pipelines/templates/steps/initialize-test-environment.yml 
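Review bot: The added 'Print security providers' step runs `exec:java`, but the demo pom added in this patch, as far as it is visible here, declares no exec-maven-plugin, so Maven resolves the plugin by prefix at whatever version is current when the job runs. Because this template feeds every test job, that is an unpinned build-time dependency executed on every agent. Invoke it by full coordinates, `goals: 'compile org.codehaus.mojo:exec-maven-plugin:PINNED_VERSION:java'` (PINNED_VERSION is a placeholder), or pin the version in the pom's plugin management. The step also reads as investigation tooling, so a comment such as `# Diagnostic: dumps the JCA providers for the EC provider investigation; remove once resolved` would tell maintainers it is safe to delete.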
@@ -15,14 +15,15 @@ parameters: default: client steps: - - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml - parameters: - Paths: - - '**/*.xml' - - 'sdk/${{ parameters.ServiceDirectory }}' - - ${{ if not(parameters.CheckoutRecordings) }}: - - '!sdk/**/test-recordings' - - '!sdk/**/session-records' + - checkout: self + # - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml + # parameters: + # Paths: + # - '**/*.xml' + # - 'sdk/${{ parameters.ServiceDirectory }}' + # - ${{ if not(parameters.CheckoutRecordings) }}: + # - '!sdk/**/test-recordings' + # - '!sdk/**/session-records' - task: UsePythonVersion@0 displayName: 'Use Python 3.6' @@ -55,14 +56,14 @@ steps: SDKType: ${{ parameters.SDKType }} ServiceDirectory: ${{ parameters.ServiceDirectory }} - - task: PythonScript@0 - displayName: 'Generate directories variable for sparse checkout' - inputs: - scriptPath: 'eng/scripts/generate_from_source_pom.py' - arguments: '--set-pipeline-variable CheckoutDirectories --project-list $(ProjectList)' - workingDirectory: '$(System.DefaultWorkingDirectory)' + # - task: PythonScript@0 + # displayName: 'Generate directories variable for sparse checkout' + # inputs: + # scriptPath: 'eng/scripts/generate_from_source_pom.py' + # arguments: '--set-pipeline-variable CheckoutDirectories --project-list $(ProjectList)' + # workingDirectory: '$(System.DefaultWorkingDirectory)' - - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml - parameters: - SkipDefaultCheckout: true - Paths: $(CheckoutDirectories) + # - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml + # parameters: + # SkipDefaultCheckout: true + # Paths: $(CheckoutDirectories) diff --git a/java-security/demo/pom.xml b/java-security/demo/pom.xml new file mode 100644 index 0000000000000..b500132c7b16c --- /dev/null +++ b/java-security/demo/pom.xml 
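Review bot: The sparse-checkout templates are replaced by `- checkout: self` and left behind as commented-out YAML, both here and in the second hunk (@@ -55,14 +56,14 @@), with nothing recording why they were disabled or when they should return. Either delete the blocks, since history keeps them, or put one line above the first, for example `# Sparse checkout disabled while diagnosing the missing EC provider on CI agents; restore when resolved (ISSUE_LINK)`, where ISSUE_LINK is a placeholder. With a full checkout the `CheckoutRecordings` condition inside the commented block no longer has any effect, so if that parameter is still declared above the hunk (not visible here) it is silently ignored.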
@@ -0,0 +1,75 @@ + + + + 4.0.0 + + com.example + demo + 1.0-SNAPSHOT + + demo + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + diff --git a/java-security/demo/src/main/java/com/example/App.java b/java-security/demo/src/main/java/com/example/App.java new file mode 100644 index 0000000000000..886cf561efac4 --- /dev/null +++ b/java-security/demo/src/main/java/com/example/App.java @@ -0,0 +1,27 @@ +package com.example; + +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; +import java.util.Arrays; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) throws NoSuchAlgorithmException + { + System.out.println(Arrays.toString(Security.getProviders())); + + Provider provider = Security.getProvider("SunEC"); + + System.out.println(provider); + + KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", provider); + + System.out.println(generator); + } +} diff --git a/java-security/demo/src/test/java/com/example/AppTest.java b/java-security/demo/src/test/java/com/example/AppTest.java new file mode 100644 index 0000000000000..22a94ca6f01c9 --- /dev/null +++ b/java-security/demo/src/test/java/com/example/AppTest.java @@ -0,0 +1,20 @@ +package com.example; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +/** + * Unit test for simple App. + */ +public class AppTest +{ + /** + * Rigorous Test :-) + */ + @Test + public void shouldAnswerWithTrue() + { + assertTrue( true ); + } +} 
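Review bot: In `App.main`, `Security.getProvider("SunEC")` returns null when no provider of that name is registered, and `KeyPairGenerator.getInstance("EC", provider)` then throws IllegalArgumentException. On exactly the agents this diagnostic is meant to examine, the pipeline step therefore fails with a stack trace instead of a readable report. Guard the lookup: `if (provider == null) { System.out.println("SunEC provider not registered"); return; }`. The class Javadoc is still the archetype's "Hello world!"; `/** Prints the registered JCA security providers and checks that an EC KeyPairGenerator can be obtained from SunEC. */` would describe what the class does.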
diff --git a/sdk/deviceupdate/ci.yml b/sdk/deviceupdate/ci.yml index d920b8199cf50..f98d693985347 100644 --- a/sdk/deviceupdate/ci.yml +++ b/sdk/deviceupdate/ci.yml @@ -5,6 +5,7 @@ trigger: branches: include: - master + - main - hotfix/* - release/* paths: @@ -15,6 +16,7 @@ pr: branches: include: - master + - main - feature/* - hotfix/* - release/* diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index e06ed61f29b7d..6c217d83b61af 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -14,7 +14,7 @@ import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; import com.azure.security.keyvault.keys.models.JsonWebKey; -//import com.azure.security.keyvault.keys.models.KeyCurveName; +import com.azure.security.keyvault.keys.models.KeyCurveName; import com.azure.security.keyvault.keys.models.KeyOperation; import com.azure.security.keyvault.keys.models.KeyVaultKey; import org.junit.jupiter.api.Test; 
@@ -22,22 +22,21 @@ import org.junit.jupiter.params.provider.MethodSource; import java.security.InvalidAlgorithmParameterException; -//import java.security.KeyPair; -//import java.security.KeyPairGenerator; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; -//import java.security.Provider; -//import java.security.Security; -//import java.security.spec.ECGenParameterSpec; +import java.security.Provider; +import java.security.Security; +import java.security.spec.ECGenParameterSpec; import java.util.Arrays; -//import java.util.HashMap; +import java.util.HashMap; import java.util.List; -//import java.util.Map; +import java.util.Map; import java.util.Random; import static com.azure.security.keyvault.keys.cryptography.TestHelper.DISPLAY_NAME_WITH_ARGUMENTS; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertTrue; -//import static org.junit.jupiter.api.Assertions.fail; public class CryptographyClientTest extends CryptographyClientTestBase { private KeyClient client; @@ -202,8 +201,7 @@ public void signVerifyRsa(HttpClient httpClient, CryptographyServiceVersion serv @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("com.azure.security.keyvault.keys.cryptography.TestHelper#getTestParameters") public void signVerifyEc(HttpClient httpClient, CryptographyServiceVersion serviceVersion) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { - // TODO: Uncomment after fixing https://github.com/Azure/azure-sdk-for-java/issues/21677 - /*initializeKeyClient(httpClient); + initializeKeyClient(httpClient); Map curveToSignature = new HashMap<>(); curveToSignature.put(KeyCurveName.P_256, SignatureAlgorithm.ES256); curveToSignature.put(KeyCurveName.P_384, SignatureAlgorithm.ES384); 
@@ -217,28 +215,9 @@ public void signVerifyEc(HttpClient httpClient, CryptographyServiceVersion servi curveToSpec.put(KeyCurveName.P_256K, "secp256k1"); List curveList = Arrays.asList(KeyCurveName.P_256, KeyCurveName.P_384, KeyCurveName.P_521, KeyCurveName.P_256K); - String algorithmName = "EC"; - Provider[] providers = Security.getProviders(); - Provider provider = null; - - for (Provider currentProvider: providers) { - if (currentProvider.containsValue(algorithmName)) { - provider = currentProvider; - - break; - } - } - - if (provider == null) { - for (Provider currentProvider : providers) { - System.out.println(currentProvider.getName()); - } - - fail(String.format("No suitable security provider for algorithm %s was found.", algorithmName)); - } - + Provider provider = Security.getProvider("SunEC version 11"); for (KeyCurveName crv : curveList) { - final KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithmName, provider); + final KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", provider); ECGenParameterSpec gps = new ECGenParameterSpec(curveToSpec.get(crv)); generator.initialize(gps); KeyPair keyPair = generator.generateKeyPair(); @@ -262,13 +241,12 @@ public void signVerifyEc(HttpClient httpClient, CryptographyServiceVersion servi if (!interceptorManager.isPlaybackMode()) { assertTrue(verifyStatus); } - }*/ + } } @Test public void signVerifyEcLocal() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { - // TODO: Uncomment after fixing https://github.com/Azure/azure-sdk-for-java/issues/21677 - /*Map curveToSignature = new HashMap<>(); + Map curveToSignature = new HashMap<>(); curveToSignature.put(KeyCurveName.P_256, SignatureAlgorithm.ES256); curveToSignature.put(KeyCurveName.P_384, SignatureAlgorithm.ES384); curveToSignature.put(KeyCurveName.P_521, SignatureAlgorithm.ES512); 
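Review bot: `Security.getProvider("SunEC version 11")` in signVerifyEc passes what looks like the provider's `toString()` text rather than its registered name, so the lookup returns null and `KeyPairGenerator.getInstance("EC", provider)` throws IllegalArgumentException before any curve is exercised. The signVerifyEcLocal hunk (@@ -281,28 +259,9 @@) uses `"SunEC"`, and both hunks replace the removed provider search and its `fail(...)` message with an unchecked, hard-coded provider. Use `Provider provider = Security.getProvider("SunEC");` followed by `assertNotNull(provider, "SunEC security provider is not registered on this JVM");` in both places (this needs the `assertNotNull` static import), or drop the provider argument and let `KeyPairGenerator.getInstance("EC")` select one. Both method bodies extend beyond these hunks.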
@@ -281,28 +259,9 @@ public void signVerifyEcLocal() throws NoSuchAlgorithmException, InvalidAlgorith curveToSpec.put(KeyCurveName.P_256K, "secp256k1"); List curveList = Arrays.asList(KeyCurveName.P_256, KeyCurveName.P_384, KeyCurveName.P_521, KeyCurveName.P_256K); - String algorithmName = "EC"; - Provider[] providers = Security.getProviders(); - Provider provider = null; - - for (Provider currentProvider: providers) { - if (currentProvider.containsValue(algorithmName)) { - provider = currentProvider; - - break; - } - } - - if (provider == null) { - for (Provider currentProvider : providers) { - System.out.println(currentProvider.getName()); - } - - fail(String.format("No suitable security provider for algorithm %s was found.", algorithmName)); - } - + Provider provider = Security.getProvider("SunEC"); for (KeyCurveName crv : curveList) { - final KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithmName, provider); + final KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", provider); ECGenParameterSpec gps = new ECGenParameterSpec(curveToSpec.get(crv)); generator.initialize(gps); KeyPair keyPair = generator.generateKeyPair(); @@ -317,7 +276,7 @@ public void signVerifyEcLocal() throws NoSuchAlgorithmException, InvalidAlgorith Boolean verifyStatus = cryptoClient.verifyData(curveToSignature.get(crv), plainText, signature).isValid(); assertTrue(verifyStatus); - }*/ + } } @Test diff --git a/sdk/redisenterprise/ci.yml b/sdk/redisenterprise/ci.yml index 80b8623846351..e50532f610972 100644 --- a/sdk/redisenterprise/ci.yml +++ b/sdk/redisenterprise/ci.yml @@ -4,6 +4,7 @@ trigger: branches: include: - master + - main - hotfix/* - release/* paths: @@ -14,6 +15,7 @@ pr: branches: include: - master + - main - feature/* - hotfix/* - release/* diff --git a/sdk/storagecache/ci.yml b/sdk/storagecache/ci.yml index d324d05d71043..47bb8503bebc6 100644 --- a/sdk/storagecache/ci.yml +++ b/sdk/storagecache/ci.yml 
@@ -4,6 +4,7 @@ trigger: branches: include: - master + - main - hotfix/* - release/* paths: @@ -14,6 +15,7 @@ pr: branches: include: - master + - main - feature/* - hotfix/* - release/*