From edc500be969ba564ec06735aadb026205d7dc8ff Mon Sep 17 00:00:00 2001 From: Adam Letizia <43392371+koalaty-code@users.noreply.github.com> Date: Thu, 6 Oct 2022 07:55:34 -0500 Subject: [PATCH] feat: upgrade deps and use valid keyvault domains (#100) --- .github/workflows/pull-request.yml | 4 ++ .github/workflows/verify.yml | 4 ++ ...ureKeyVaultEmulator.AcceptanceTests.csproj | 10 ++-- .../Secrets/CreateSecretTests.cs | 13 ++++- .../Secrets/GetSecretTests.cs | 2 +- .../AzureKeyVaultEmulator.csproj | 2 +- AzureKeyVaultEmulator/Startup.cs | 2 +- README.md | 22 ++++++-- azure-keyvault-emulator.crt | 30 ++++++++++ azure-keyvault-emulator.key | 52 ++++++++++++++++++ azure-keyvault-emulator.pfx | Bin 0 -> 4109 bytes docker-compose.yml | 8 +-- local-certs/azure-key-vault-emulator.crt | 29 ---------- local-certs/azure-key-vault-emulator.key | 52 ------------------ local-certs/azure-keyvault-emulator.crt | 30 ++++++++++ local-certs/azure-keyvault-emulator.key | 52 ++++++++++++++++++ local-certs/azure-keyvault-emulator.pfx | Bin 0 -> 4109 bytes scripts/importcert.sh | 8 +-- scripts/stopservice.sh | 2 +- 19 files changed, 217 insertions(+), 105 deletions(-) create mode 100644 azure-keyvault-emulator.crt create mode 100644 azure-keyvault-emulator.key create mode 100644 azure-keyvault-emulator.pfx delete mode 100644 local-certs/azure-key-vault-emulator.crt delete mode 100644 local-certs/azure-key-vault-emulator.key create mode 100644 local-certs/azure-keyvault-emulator.crt create mode 100644 local-certs/azure-keyvault-emulator.key create mode 100644 local-certs/azure-keyvault-emulator.pfx diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1660f95..6aef386 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -16,5 +16,9 @@ jobs: with: dotnet-version: 6.0.x + - name: Add hosts to /etc/hosts + run: | + echo "127.0.0.1 localhost.vault.azure.net" | sudo tee -a /etc/hosts + - name: Verify run: make verify diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 298d87a..4f1c669 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -18,6 +18,10 @@ jobs: with: dotnet-version: 6.0.x + - name: Add hosts to /etc/hosts + run: | + echo "127.0.0.1 localhost.vault.azure.net" | sudo tee -a /etc/hosts + - name: Verify run: make verify diff --git a/AzureKeyVaultEmulator.AcceptanceTests/AzureKeyVaultEmulator.AcceptanceTests.csproj b/AzureKeyVaultEmulator.AcceptanceTests/AzureKeyVaultEmulator.AcceptanceTests.csproj index 78303c3..1f04558 100644 --- a/AzureKeyVaultEmulator.AcceptanceTests/AzureKeyVaultEmulator.AcceptanceTests.csproj +++ b/AzureKeyVaultEmulator.AcceptanceTests/AzureKeyVaultEmulator.AcceptanceTests.csproj @@ -7,11 +7,11 @@ - - - - - + + + + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/AzureKeyVaultEmulator.AcceptanceTests/Secrets/CreateSecretTests.cs b/AzureKeyVaultEmulator.AcceptanceTests/Secrets/CreateSecretTests.cs index b9fa9aa..e92c833 100644 --- a/AzureKeyVaultEmulator.AcceptanceTests/Secrets/CreateSecretTests.cs +++ b/AzureKeyVaultEmulator.AcceptanceTests/Secrets/CreateSecretTests.cs @@ -12,7 +12,12 @@ public class CreateSecretTests public CreateSecretTests() { - _secretClient = new SecretClient(new Uri("https://localhost:5551/"), new LocalTokenCredential()); + _secretClient = new SecretClient(new Uri("https://localhost.vault.azure.net:5551/"), + new LocalTokenCredential(), + new SecretClientOptions + { + DisableChallengeResourceVerification = true + }); } [Fact] @@ -42,8 +47,10 @@ public async Task ShouldBeAbleToCreateASecret() Assert.NotNull(createdSecret.Id); Assert.Equal(secret.Value, createdSecret.Value); Assert.Equal(secret.Properties.Enabled, createdSecret.Properties.Enabled); - Assert.Equal(secret.Properties.ExpiresOn.Value.ToUnixTimeSeconds(), createdSecret.Properties.ExpiresOn.GetValueOrDefault().ToUnixTimeSeconds()); - Assert.Equal(secret.Properties.NotBefore.Value.ToUnixTimeSeconds(), createdSecret.Properties.NotBefore.GetValueOrDefault().ToUnixTimeSeconds()); + Assert.Equal(secret.Properties.ExpiresOn.Value.ToUnixTimeSeconds(), + createdSecret.Properties.ExpiresOn.GetValueOrDefault().ToUnixTimeSeconds()); + Assert.Equal(secret.Properties.NotBefore.Value.ToUnixTimeSeconds(), + createdSecret.Properties.NotBefore.GetValueOrDefault().ToUnixTimeSeconds()); Assert.NotNull(createdSecret.Properties.Version); Assert.Equal("local", createdSecret.Properties.Tags["environment"]); Assert.Equal("true", createdSecret.Properties.Tags["testing"]); diff --git a/AzureKeyVaultEmulator.AcceptanceTests/Secrets/GetSecretTests.cs b/AzureKeyVaultEmulator.AcceptanceTests/Secrets/GetSecretTests.cs index 375999b..f4aa84b 100644 --- a/AzureKeyVaultEmulator.AcceptanceTests/Secrets/GetSecretTests.cs +++ b/AzureKeyVaultEmulator.AcceptanceTests/Secrets/GetSecretTests.cs @@ -13,7 +13,7 @@ public class GetSecretTests public GetSecretTests() { - _secretClient = new SecretClient(new Uri("https://localhost:5551/"), new LocalTokenCredential()); + _secretClient = new SecretClient(new Uri("https://localhost.vault.azure.net:5551/"), new LocalTokenCredential()); } [Fact] diff --git a/AzureKeyVaultEmulator/AzureKeyVaultEmulator.csproj b/AzureKeyVaultEmulator/AzureKeyVaultEmulator.csproj index 136b7a8..764983a 100644 --- a/AzureKeyVaultEmulator/AzureKeyVaultEmulator.csproj +++ b/AzureKeyVaultEmulator/AzureKeyVaultEmulator.csproj @@ -5,7 +5,7 @@ - + diff --git a/AzureKeyVaultEmulator/Startup.cs b/AzureKeyVaultEmulator/Startup.cs index f35de80..6162f03 100644 --- a/AzureKeyVaultEmulator/Startup.cs +++ b/AzureKeyVaultEmulator/Startup.cs @@ -83,7 +83,7 @@ public void ConfigureServices(IServiceCollection services) OnChallenge = context => { context.Response.Headers.Remove("WWW-Authenticate"); - context.Response.Headers["WWW-Authenticate"] = "Bearer authorization=\"https://localhost:5001/foo/bar\", scope=\"foobar\", resource=\"https://some.url\""; + context.Response.Headers["WWW-Authenticate"] = $"Bearer authorization=\"https://localhost:5001/foo/bar\", scope=\"foobar\", resource=\"https://vault.azure.net\""; return Task.CompletedTask; } }; diff --git a/README.md b/README.md index 8f2a780..95b5b63 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ For the Azure KeyVault Emulator to be accessible from other containers in the sa echo '[req]'; \ echo 'distinguished_name=req'; \ echo '[san]'; \ - echo 'subjectAltName=DNS.1:localhost,DNS.2:') + echo 'subjectAltName=DNS.1:localhost,DNS.2:,DNS.3:localhost.vault.azure.net,DNS.4:.vault.azure.net') ``` 1. Export a `.pks` formatted key using the public/private keypair generated in the previous step: @@ -92,9 +92,9 @@ For the Azure KeyVault Emulator to be accessible from other containers in the sa services: ... - azure-keyvault-emulator: - container_name: azure-keyvault-emulator + azure-keyvault-emulator: image: basis-theory/azure-keyvault-emulator:latest + hostname: .vault.azure.net ports: - 5001:5001 - 5000:5000 @@ -122,9 +122,23 @@ For the Azure KeyVault Emulator to be accessible from other containers in the sa volumes: - :/https environment: - - KeyVault__BaseUrl=https://azure-keyvault-emulator:5001/ + - KeyVault__BaseUrl=https://.vault.azure.net:5001/ ``` +1. (Optional) Azure KeyVault SDKs verify the challenge resource URL as of v4.4.0 (read more [here](https://devblogs.microsoft.com/azure-sdk/guidance-for-applications-using-the-key-vault-libraries/)). +To satisfy the new challenge resource verification requirements, do one of the following: + 1. Use an emulator hostname that ends with `.vault.azure.net` (e.g. `localhost.vault.azure.net`). A new entry may need to be added to `/etc/hosts` to properly resolve DNS (i.e. `127.0.0.1 localhost.vault.azure.net`). + 1. Set `DisableChallengeResourceVerification` to true in your client options to disable verification. +```csharp +var client = new SecretClient( + new Uri("https://localhost.vault.azure.net:5551/"), + new LocalTokenCredential(), + new SecretClientOptions + { + DisableChallengeResourceVerification = true + }); +``` + ## Development The provided scripts will check for all dependencies, start docker, build the solution, and run all tests. diff --git a/azure-keyvault-emulator.crt b/azure-keyvault-emulator.crt new file mode 100644 index 0000000..30ef583 --- /dev/null +++ b/azure-keyvault-emulator.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgIJAN6yZUBL6I4XMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNV +BAMMF2F6dXJlLWtleXZhdWx0LWVtdWxhdG9yMB4XDTIyMTAwNDEzMzMyMloXDTMy +MDcwMzEzMzMyMlowIjEgMB4GA1UEAwwXYXp1cmUta2V5dmF1bHQtZW11bGF0b3Iw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0NIpwcSq9bQiciTprOLGf +6TwqvdPAO1XlB3B6m0kVhD3wdj7+R3qePeuhFhAGUCczlbMqg47L2Vca6u7ieIna +mPBA0G+fTk486T96qK26XUumVwdbrs5fNrWCCQlD9O5kV1pp2N3AQ6pi5FdMfOWD +cSdvjRIZdhm/PVFWX2PD9xbyJIrPClIGeEcz/hzx4xeRSF4fRGrCaR8GAOJLbG1e +si8SZIXer/bek0iSlrBCUDjcqFVRg3nFMrc85abO7ZDTHbDYxFbEAG+Jd1UXb/y4 +PJCOgK3LTRFprW0U9qPnyrrtHL+zsMCWX4nESeoqkwBsW3XBH/reer3HZOGEk7KJ +OHxZWQGxl+dP+s3kGCjxBCtWbraceFlqbYVwqUG3zZc/M/0g6oNxRuCJS66oUq/5 +XnPZUoTvYDoblKFdlKt6ycNjENu2fDzOgsf6c+qNq+ZlT1CAcwR4NGW6lZ3V29+C +cz/ECztfEwpbZdQFl5aCzMmZD5l3/K8HKFltyxQmtwS7K1cHVzxwMvSCVnV87op6 +EMpUHZ8895KDmZccb25O+B6pW2VEERCUIxC+O6Vb6M0ppUsfJnOd3Qut77NHYKkg +FHCjetzPRX4zHuntpSKPZ4Ax5wexfm7tIbOqCI1VImEzVYdlO4chPA3ceREz4A4o +eGs3zoJcJe7gVHOWisinYQIDAQABo3UwczBxBgNVHREEajBogglsb2NhbGhvc3SC +F2F6dXJlLWtleXZhdWx0LWVtdWxhdG9yghlsb2NhbGhvc3QudmF1bHQuYXp1cmUu +bmV0gidhenVyZS1rZXl2YXVsdC1lbXVsYXRvci52YXVsdC5henVyZS5uZXQwDQYJ +KoZIhvcNAQELBQADggIBAC4tiVEKxmFUPRTsdejW8hETf2RLs2XZYLx7Nz0fPiJD +xUi2Y39R3yHOrcxxOGMgEIg1HiuVALqWVfwTWhlFkChNDNIjknpMNvK1SONWpYcx +6RXg41M9N5myAdxrD5lrjsJ5/FlxYMPp5ONJ2g8Iu4iPpuHu6kpBnMLAXDsnsPzh +fHgswJesE3AJlfEJi4Zftv0BPs3cpfrPYaAHCz9kHBsipKbKYc112wwArcqUh9T6 +BBu8yDjCmKxcrmo8JhSUu4qjBD+YjLyP5TjBIVF84cDHbw4OTFh0QWk5nntQg3sB +2vO5KJpcIIjQYMBrHalipj/tKZAVk3KT64QSBECCf+rxH8zDphED/fOmo55K3v0S +Jrewsdxmuo7KBWzklZ9gzbIdow7/fen90QUl1v33C9cXIS5DfodstOsm10H4k34A +pL05Uz1YYxtAT0ezPmwRKTC9bJ5C4INR+m++4YOtZwwXIXKM35mb6PTGhx8l4J/N +yIzrK/kCbPMPxoH2qjvDuPPeNedccQS6ONaV5NLKE6CBmYIumqgKwEf/n6v/Ns62 +ka1ym8G5rIFwriE1vOj2GVOlnsh6jsKwfRq8WL+Xom1lCTsXORBS+zc3KT/gy74Q +Dkm/ftCTgP+KQA5Of9P+wLmZSUuqGCUhFuDfna8vwBcRBeVYifqcmeu1nj7ejLzf +-----END CERTIFICATE----- diff --git a/azure-keyvault-emulator.key b/azure-keyvault-emulator.key new file mode 100644 index 0000000..eb43b29 --- /dev/null +++ b/azure-keyvault-emulator.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC0NIpwcSq9bQic +iTprOLGf6TwqvdPAO1XlB3B6m0kVhD3wdj7+R3qePeuhFhAGUCczlbMqg47L2Vca +6u7ieInamPBA0G+fTk486T96qK26XUumVwdbrs5fNrWCCQlD9O5kV1pp2N3AQ6pi +5FdMfOWDcSdvjRIZdhm/PVFWX2PD9xbyJIrPClIGeEcz/hzx4xeRSF4fRGrCaR8G +AOJLbG1esi8SZIXer/bek0iSlrBCUDjcqFVRg3nFMrc85abO7ZDTHbDYxFbEAG+J +d1UXb/y4PJCOgK3LTRFprW0U9qPnyrrtHL+zsMCWX4nESeoqkwBsW3XBH/reer3H +ZOGEk7KJOHxZWQGxl+dP+s3kGCjxBCtWbraceFlqbYVwqUG3zZc/M/0g6oNxRuCJ +S66oUq/5XnPZUoTvYDoblKFdlKt6ycNjENu2fDzOgsf6c+qNq+ZlT1CAcwR4NGW6 +lZ3V29+Ccz/ECztfEwpbZdQFl5aCzMmZD5l3/K8HKFltyxQmtwS7K1cHVzxwMvSC +VnV87op6EMpUHZ8895KDmZccb25O+B6pW2VEERCUIxC+O6Vb6M0ppUsfJnOd3Qut +77NHYKkgFHCjetzPRX4zHuntpSKPZ4Ax5wexfm7tIbOqCI1VImEzVYdlO4chPA3c +eREz4A4oeGs3zoJcJe7gVHOWisinYQIDAQABAoICAQCFVksJH/Mr7j1s9e0P4Qcs +93rZdVP07PKFYJfNYJEXJp5eCmBZ7bHA3Lg4nQaGZVBcTuwfDPDfzJUzCZpwYBhA +cuFyU8gD7ADf+QZLT/wb5WRQVBzRreptcSGkceM1MUojXK89moWZ+XddbO9bXR7F +vzgaxhsaU9SBOHGyoypCmdWUnY1H3K8Msnqc8e2g3RNXIGDkac9Ewlt+KbFHdZcH +dnh194NGXpUf44LTVERfDNTGEJfwlIPJcdk7agGfIxEB5PoxqjU5GcltwapoiShJ +eibMClKOFxxHQVdxJ33nyI2/XIJMBwC5Qz/AyaBGmDa79oCOwYbyj4dUvkRPwKlc +uV8aG9GZVIM6S+fTs0y4qKp8agLaNiGot3LinGzN/8eOwzKFeHBVTeSqjmrXETvF +C37M4KdoKGqYcWMzJ5636jgOdNs9ahkiov6XF4MKZekrVgP3JRjBqv+gHBvdIfGy +XnvGKDNvcW3pbRJxILz+gvFpVqqQH5gEyOmdHiCUfA3aDAPfKoLVIM7taGFeGNPd +pW5nHVbDPx6aIR4TTMiokBMHGcXzlgNog4T+e5iF/4r1OkFr5SaUz07NVjn+YU89 +ktqI5dC0XhUoJ+KFDvOw0XibRU3YJTZXuOl5Y0/YJm3yIxQqk0J/odrzPYa6pyRf +mAeQ46h859+TJtI+9dNGQQKCAQEA2EI1aP/bTDBtXR5O5vRS6MdcNlx/i0Cg42Jr +13P4dttbF0p2o685gel+ukXO/Qj7bjLxihM+aQbavOhvyl/r0FmwZgWG9GiSOTLj +kbxc12mYIuv2M0zIfInB60TRfycbiHrL5VkMdFWrZiYGO/DLGAnrZ8FeZv8Ccaio +wYDV4figkPN7VHslxSrNGQpb+Nyuzjfga2EVI5ueXzeXFH45iWaFCQTcmDRMc2Ui +CrjbwPJY9Gn/JpY2+NmFqUkbNuc2KI+HnvFI1u2yuAlSF5E/HPbmCvbIzhbUTU/A +ibqBU/vbxL68oNYjnexJJ5tQ6hY/c+2XuZCp64DDFwhaYYMwTQKCAQEA1VI3ZFIN +19fVdveoI3+amCHrCNJfWsy69o2QUkLDr5CA6Vsh0ymKvztfhqzAxncAmmSiGaMU +Uk4Wm+Zu0hPP95Nr24tbRxei/9CLJFl4Y9+ZzOJ/AlTNc7q3itdqiYlaGSF6oR0i +mHgb9CEi4YRmLJD8x7stG0BJdx2zcsq72Wf47tM9Cso/BxM5quUWOIDi7Nu+6nz/ +D/1vYExH/t5RO01GD/VbA2nly0Mc+tlGnKBGbqn6OplU9AO3x6y6z7TekhGSyZps +vTIY5wrxJzBjartnHIevC3NKZRkVNAViT+UIagBFkbCdzvtj7e0cjsvjYJCVW8i0 +kf/TbHsl0bV9ZQKCAQEAl2UCbxdvNs9QQLhPFHBG+p9WdtgakioUeBsW1CZj8xFt +m8iNddndsIz+IvlsBsia/HK9laQTNQOPbmBqooq0U4/2ZfXInKH4fAKcPhJYDJXn +48q8+Pzv/f+SulnbL+D47XrJ8y18ApVXAJPuGVhhVdrb6i79H6220Er6mTzQfvnH +rrJFzMbJklZ8buNJr9cOqV+ExKeaXOs82/vW0IntTbtvtvioVgWG3+IVCtyPO2xt +ye3KqgDPSzc8015SpwUGbS7OCv9vtseBLkWYKteMD4LpWRObUGu7BMSoTcM7dsgC ++qFs/Evtc0lPjWK2KqqYkVfruAUGb9Acw6sdWta0oQKCAQEAyNadPCBc1Chq25UT +gkhzPmRAqo+WIyC5rcNea3RcVIDSPeIFGI/2B1FZAKzI2pHTyYiRbV2ylkLa2nC7 +SaJJnKf5Vjv/9hD077BiMBjkVfOBE/ry5Tj+LcVPZLKnpVHht+NjVyjdF3uNpe1E +r9o9cBwZQdqh/xQplrIp7xucfHV9Uy0iPXRonrqlApaosw31mFbTimWgpmdPYvSu +m/CnvhNksUWpKK+dIB/RuwKxjmj/ptT1uBIAf7S4ZI/lWgTJv/A3qQNw+TefZndQ +0DqofyZtT9kXHsqu8jwJUG75Pos9vr7+wMnt6Z+ZV7pztqWTL6kwVbfC+epIHcxb +sPMUWQKCAQBsrXQxsIJuLoxW+VbxJbwEnoqFeHSLpPGAH8Q1iAi8woLJIPHv5oYu +EQAr5yPBfGIfR+wVoU2WP0DSKoctS80VEFhKNfkhEyRMQZITynhu/Yc2U27I2mb7 +3OcuZKdD4x3WlGZi8AZvQZwvRebmUs6F/2/Itoat8UTDtQx43Iar65/dvjkY28vh +nnWrkyJP0hIGIT4t4ZM2vG8+OQbJCSq5aXv8zwCW/CoiBk0C+5nLCpkPAs/eIATf +IHYu8t5CrjtBLzfzbannWbRPeskRQp3X4GvRKDOIVcmn2X9nvbA+dS2E+cYxRpmp +V20NPv6LYUshyYwOo3z25EX57WbuMnuK +-----END PRIVATE KEY----- diff --git a/azure-keyvault-emulator.pfx b/azure-keyvault-emulator.pfx new file mode 100644 index 0000000000000000000000000000000000000000..1776344df990d6b1eb5d29e43c10d7f3cf706d97 GIT binary patch literal 4109 zcmY+GbyO3KyT>;eJw}7T7!s4ljS!_7p@1MA5+aQ>$g4Dtkdp33S{z7?6ak6REe%RZ zcgx`Vo^$X0-TTLLo^w9m^E`ik&KH5ECL;h6BG6RB#AN(oPr}YAfh52@G*uf2P1W)j zHz3eNzyA{v=b?$F|Dp*3AmHyB{7(WzK#9r!`vVwAjDUbh5!$@vcK=Mw5)hCAg3v^H z%Jx<*oxO)%Gbfryp7i^P0JG=t%p@MtUt4_j3RXaUj(16wJ}4#LA(aGeGQB&`OoF#C zrLZC+(z1llML)=ZA3N2iKQp{rUE9`1!&Z$?)Pj3ealt=sRS9Ato%TX!!XF=r7z=2L z(BtozTGfgzS2}>7-yT2y5diT8DD>b zp05@FEHBfx?g=$GQoX87Ik!qSQxyYyt4!N8F)Vud2TM^N3USU7E#fbvegKOC{Af#O zcle+-)Kq0%W_-gt*jP8c3hx-wTsa+<=*}(rh_7K@Rov|9#hXpEBs;Bv$DAdzi^QKAgtyW@NS$S+W)4X@sV~LueXRR2-Udy z@#kH0d7*B%eRJmME9Kt}T(HYxMI7Kuc}f%Ai0k3tR7j&wsAH{LrjAH9F6LHlW$1lc_NmT{F~Ygg$ItwT9!|i<~gjLaELH|mYQ_I zAYInnuHei2e9DyiF% zWrCQ{`D+F9bQ*PV@;JkOduz#{KP}8x-~FL9cVORG!Swj;0neePR|WVRZI9GQk9+*L z;xAJzj6F)nf{`xxC$n@B{4lm#+YJ6k2qmI8OK$Lzr9hNxvg3NZ6}NG*akI{9+~M{M*XmB zpbacUk(WpLSzlCd*Y^ANyHnc=GI0{u?BY?*)xX-=LkDk9e!KeY$DdY-5tiC#)y4!X z(^EVJ!aL;c=4u^c7rko=;Gn~K(>s)bKkqH-rddG>E#`^TzH6?Y? z{>tXJE7`tZ5%sb0`;f-mdDDkrCdC(ZqvuW;Ll#c=#W^2EF{viiQR%{h zjlLsFxD{xFB_kAlcR6RGhmXM`HBx1by5W_sRpTKY7*ToL_LPJ458X{-(G9J8A^ML& z&(KPePSk6DxweVe&rElQ$Qq#e{hP22T2FYLGT;UC(;#}Wf|&4&rj!HLS@9`3&;nHd zsEHw&=Z{fk=CTHAcC6uqkC4~ll5OO}jx``wMUkYp3ihM-DZfdXM_OFp=5h!P1b@T( z`fe6YB#Or0aant~`TlA)JSeExg8$FXK&JkH`Z6@8A zvGBG7h8?NahF))|^&d{`8>$O{)faGpf`!EgYrur~8*^&>M+BOz_x}hz4^7qtLX%o@=GN^wIXZ+KFaI?Ot-lft=)|a%)9LMW_KxTnPn8k-(;=p`s;+53`(rm zN?ZKY9)5*M8n%X}l3z;mo2JcqL3H8}4mv(!HpwLrT>86_gV#8)AEa>pTquB>m}@0q7Xa2uyT z6jynThDrkR%b|dtdy*EL9!bp!B7F~%muZVb$O#6Nh*Gf&ZhDgszIxwL`L5!44M{(` zw4EcD7lyJhpOUq{XLt-0HJ1$#0ydwzw~s6m8XTYazb6%r%2yH);d^9mmLsKaGH2C{ z=2dHUc^IAXgt^;IT^(;7gROiTnfL8hKGOw#Dkr!xipR5`m2S zE7BzT3U2E42buxHnv_d?m}2fC!+lx2LaH6w=`8Ck&3NZ*CKQ6@UgZ$m3c+MO}3kaRh+@yUIrewHofLvPXuijY~BWn;;95BU3H z#`rHRiMz7-$2h3Laog1N?sQaO%bsz4(P?(btGK5E`~CCf8SyPCyS8g$C9X5iz7Vdy zp_Gm>{welqE($*7=8-(Fzed0;Bjn5RXpd#)tIy~(w5*#uj;qN-UG8n9hz1fdkP3R2 z{VAb%S`_9?Iz8IXZK)&pyoycdUY`CWps#|KU``4G!HQQuxTXo?k?cUlzBKtHudI;n z-{>e{x7YICGq$9>!tTQ}Zu+4RXcv>sWzI>{gS1LpAGcv4PM9W==69*{)}dNWNpHfT z0-S4iXEYl!__;hoj!w%A0pRkk_TK7nFBB}H;q-<2=C|_!D>>~FNLtdP4ew)F+>XYL z0y7F#r=<{h+zMFLlz-p_L%aSmRd^Z8Hv>+Yxp2&9yYnk`n)OFTl-y?m>LCQ#O0cVZ zo~NH!t)i}{Qr>bqe;6=uG&FEosMp4Qyc@g{j#;wQ7%?1`JXm3un@y!oCcq|X`vEo$ zRh;v&8;%QoPemhEpj8#sXq%Wt^Kc zk_ujjJ>`?{rX2RMiCozlGUP;Svpz^1$4FMo{XQP%nMt`PC-@RX;*-#K?+IyH%f%nY zJnj9YXhPr?tj2?SNDtREn~HNj)&d-euCQzNs-WIO^1{nFJeMK$9-L2hFl)YhGhsQ& zsfl-f7A=hjN+nwghzT3|w8gp`GvCfW%Wud+0~Z%ZE5^e0Xo?2(1l7bId&R>=SY3aF9c#A9rWnM7+uXv%syk`;A(Q8^aziV;g0EY(|x!SeA7F%Hs<5+ z>oK-t%S^mTFZkJ1^E1(9?5>8*735}rDi&a4A0{~FW=ziYE@MK*nv_-n}Bcfm1c1E0}{1i@7 zL3^vVl4?4Ap5aX&SS|?7_&oP~H}lu7S6>u2E~BqRSB`zX&ZTiPuxc{|IWU-a zc0C1Hgo?z@K_CPesT|$yp9z}UcDl)q2!@{xv62EwBAdB&(JUd{g;t8D!wyqbGPwgI zi((7Bbhng_=mk~`0|Z9A$I8a*houZFoj4-CzA9meG&HZgp67hChFSLER_?y+Ao$*U zfV7-xXm~DhKk8TI{DQm#XVj%7x`s}W;!UeL0-~#_s-n=pzq<+z4Yn7S9{SzmRg`CA zu3Bc$$f%gP66muc^Z0DDByH%6x&X`Vu~uMxllgT%y3Dh_B{qf%30ZV;VgXZv-~`%eQ4iV zktU!jg*A3$ne+csh&|ZLB0+bg(EuDuK+4f&z#lsbR<7@u%?fLa&l?iI95UkoT{bnI zr;>m8p4=pPFkX*H$$9isVivUSJULvJIe_qkY zWwr8Nhcejza?0rs2 z7y?ga*>k8&&BKXFloh!PS^0)z?T#m?m!kaZ-V9H0sr>n_{4iMrb~dD2AF~JL_j7JN z#kd%Q)AG6Nq~~i@n8C@%?$U({J@)`Y3BOH6nsYR{@L`=u=f{>-9&)b(ViD+f?B1PtKK&_ zIefw9WR<5hq3_qdIw&OFj@q*$iG?St6mAUe_A0M;_Cl?_kF=73iFY4%z#im?sVXV> z-IUC*d%0L-Ueu@D33?eSp=aX1p|l*aMm5=G2xH{}E}J`m=nt+RTdVJKLn}H75ptHa4wI zAD-#`(`!x9EdhL-A2u@t_Kd^a9p+VX2L}cz2eed0PY`o#K#O3Gj(a I`M0h87Y?eWeE;eJw}7T7!s4ljS!_7p@1MA5+aQ>$g4Dtkdp33S{z7?6ak6REe%RZ zcgx`Vo^$X0-TTLLo^w9m^E`ik&KH5ECL;h6BG6RB#AN(oPr}YAfh52@G*uf2P1W)j zHz3eNzyA{v=b?$F|Dp*3AmHyB{7(WzK#9r!`vVwAjDUbh5!$@vcK=Mw5)hCAg3v^H z%Jx<*oxO)%Gbfryp7i^P0JG=t%p@MtUt4_j3RXaUj(16wJ}4#LA(aGeGQB&`OoF#C zrLZC+(z1llML)=ZA3N2iKQp{rUE9`1!&Z$?)Pj3ealt=sRS9Ato%TX!!XF=r7z=2L z(BtozTGfgzS2}>7-yT2y5diT8DD>b zp05@FEHBfx?g=$GQoX87Ik!qSQxyYyt4!N8F)Vud2TM^N3USU7E#fbvegKOC{Af#O zcle+-)Kq0%W_-gt*jP8c3hx-wTsa+<=*}(rh_7K@Rov|9#hXpEBs;Bv$DAdzi^QKAgtyW@NS$S+W)4X@sV~LueXRR2-Udy z@#kH0d7*B%eRJmME9Kt}T(HYxMI7Kuc}f%Ai0k3tR7j&wsAH{LrjAH9F6LHlW$1lc_NmT{F~Ygg$ItwT9!|i<~gjLaELH|mYQ_I zAYInnuHei2e9DyiF% zWrCQ{`D+F9bQ*PV@;JkOduz#{KP}8x-~FL9cVORG!Swj;0neePR|WVRZI9GQk9+*L z;xAJzj6F)nf{`xxC$n@B{4lm#+YJ6k2qmI8OK$Lzr9hNxvg3NZ6}NG*akI{9+~M{M*XmB zpbacUk(WpLSzlCd*Y^ANyHnc=GI0{u?BY?*)xX-=LkDk9e!KeY$DdY-5tiC#)y4!X z(^EVJ!aL;c=4u^c7rko=;Gn~K(>s)bKkqH-rddG>E#`^TzH6?Y? z{>tXJE7`tZ5%sb0`;f-mdDDkrCdC(ZqvuW;Ll#c=#W^2EF{viiQR%{h zjlLsFxD{xFB_kAlcR6RGhmXM`HBx1by5W_sRpTKY7*ToL_LPJ458X{-(G9J8A^ML& z&(KPePSk6DxweVe&rElQ$Qq#e{hP22T2FYLGT;UC(;#}Wf|&4&rj!HLS@9`3&;nHd zsEHw&=Z{fk=CTHAcC6uqkC4~ll5OO}jx``wMUkYp3ihM-DZfdXM_OFp=5h!P1b@T( z`fe6YB#Or0aant~`TlA)JSeExg8$FXK&JkH`Z6@8A zvGBG7h8?NahF))|^&d{`8>$O{)faGpf`!EgYrur~8*^&>M+BOz_x}hz4^7qtLX%o@=GN^wIXZ+KFaI?Ot-lft=)|a%)9LMW_KxTnPn8k-(;=p`s;+53`(rm zN?ZKY9)5*M8n%X}l3z;mo2JcqL3H8}4mv(!HpwLrT>86_gV#8)AEa>pTquB>m}@0q7Xa2uyT z6jynThDrkR%b|dtdy*EL9!bp!B7F~%muZVb$O#6Nh*Gf&ZhDgszIxwL`L5!44M{(` zw4EcD7lyJhpOUq{XLt-0HJ1$#0ydwzw~s6m8XTYazb6%r%2yH);d^9mmLsKaGH2C{ z=2dHUc^IAXgt^;IT^(;7gROiTnfL8hKGOw#Dkr!xipR5`m2S zE7BzT3U2E42buxHnv_d?m}2fC!+lx2LaH6w=`8Ck&3NZ*CKQ6@UgZ$m3c+MO}3kaRh+@yUIrewHofLvPXuijY~BWn;;95BU3H z#`rHRiMz7-$2h3Laog1N?sQaO%bsz4(P?(btGK5E`~CCf8SyPCyS8g$C9X5iz7Vdy zp_Gm>{welqE($*7=8-(Fzed0;Bjn5RXpd#)tIy~(w5*#uj;qN-UG8n9hz1fdkP3R2 z{VAb%S`_9?Iz8IXZK)&pyoycdUY`CWps#|KU``4G!HQQuxTXo?k?cUlzBKtHudI;n z-{>e{x7YICGq$9>!tTQ}Zu+4RXcv>sWzI>{gS1LpAGcv4PM9W==69*{)}dNWNpHfT z0-S4iXEYl!__;hoj!w%A0pRkk_TK7nFBB}H;q-<2=C|_!D>>~FNLtdP4ew)F+>XYL z0y7F#r=<{h+zMFLlz-p_L%aSmRd^Z8Hv>+Yxp2&9yYnk`n)OFTl-y?m>LCQ#O0cVZ zo~NH!t)i}{Qr>bqe;6=uG&FEosMp4Qyc@g{j#;wQ7%?1`JXm3un@y!oCcq|X`vEo$ zRh;v&8;%QoPemhEpj8#sXq%Wt^Kc zk_ujjJ>`?{rX2RMiCozlGUP;Svpz^1$4FMo{XQP%nMt`PC-@RX;*-#K?+IyH%f%nY zJnj9YXhPr?tj2?SNDtREn~HNj)&d-euCQzNs-WIO^1{nFJeMK$9-L2hFl)YhGhsQ& zsfl-f7A=hjN+nwghzT3|w8gp`GvCfW%Wud+0~Z%ZE5^e0Xo?2(1l7bId&R>=SY3aF9c#A9rWnM7+uXv%syk`;A(Q8^aziV;g0EY(|x!SeA7F%Hs<5+ z>oK-t%S^mTFZkJ1^E1(9?5>8*735}rDi&a4A0{~FW=ziYE@MK*nv_-n}Bcfm1c1E0}{1i@7 zL3^vVl4?4Ap5aX&SS|?7_&oP~H}lu7S6>u2E~BqRSB`zX&ZTiPuxc{|IWU-a zc0C1Hgo?z@K_CPesT|$yp9z}UcDl)q2!@{xv62EwBAdB&(JUd{g;t8D!wyqbGPwgI zi((7Bbhng_=mk~`0|Z9A$I8a*houZFoj4-CzA9meG&HZgp67hChFSLER_?y+Ao$*U zfV7-xXm~DhKk8TI{DQm#XVj%7x`s}W;!UeL0-~#_s-n=pzq<+z4Yn7S9{SzmRg`CA zu3Bc$$f%gP66muc^Z0DDByH%6x&X`Vu~uMxllgT%y3Dh_B{qf%30ZV;VgXZv-~`%eQ4iV zktU!jg*A3$ne+csh&|ZLB0+bg(EuDuK+4f&z#lsbR<7@u%?fLa&l?iI95UkoT{bnI zr;>m8p4=pPFkX*H$$9isVivUSJULvJIe_qkY zWwr8Nhcejza?0rs2 z7y?ga*>k8&&BKXFloh!PS^0)z?T#m?m!kaZ-V9H0sr>n_{4iMrb~dD2AF~JL_j7JN z#kd%Q)AG6Nq~~i@n8C@%?$U({J@)`Y3BOH6nsYR{@L`=u=f{>-9&)b(ViD+f?B1PtKK&_ zIefw9WR<5hq3_qdIw&OFj@q*$iG?St6mAUe_A0M;_Cl?_kF=73iFY4%z#im?sVXV> z-IUC*d%0L-Ueu@D33?eSp=aX1p|l*aMm5=G2xH{}E}J`m=nt+RTdVJKLn}H75ptHa4wI zAD-#`(`!x9EdhL-A2u@t_Kd^a9p+VX2L}cz2eed0PY`o#K#O3Gj(a I`M0h87Y?eWeE /dev/null; then - sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain local-certs/azure-key-vault-emulator.crt + if ! security find-certificate -c azure-keyvault-emulator > /dev/null; then + sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain local-certs/azure-keyvault-emulator.crt else - echo "azure-key-vault-emulator certificate already installed" + echo "azure-keyvault-emulator certificate already installed" fi elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then - sudo cp local-certs/azure-key-vault-emulator.crt /usr/local/share/ca-certificates/azure-key-vault-emulator.crt + sudo cp local-certs/azure-keyvault-emulator.crt /usr/local/share/ca-certificates/azure-keyvault-emulator.crt sudo update-ca-certificates fi diff --git a/scripts/stopservice.sh b/scripts/stopservice.sh index ea8b76e..4fc7572 100755 --- a/scripts/stopservice.sh +++ b/scripts/stopservice.sh @@ -5,7 +5,7 @@ current_directory="$PWD" cd $(dirname $0)/.. -docker stop azure-key-vault-emulator +docker stop keyvault-emulator result=$?