Support WEBSITE_AUTH_ENCRYPTION_KEY and fix SA warning

build.cmd

@@ -1,8 +1,5 @@
 @ECHO Off
-
-SET Config=%1
-IF "%1"=="" (
-  SET Config="Release"
-)
-
-msbuild WebJobs.Script.proj /p:Configuration=%Config%;SolutionDir=%~dp0 /flp:LogFile=msbuild.log;Verbosity=Normal
+REM call dotnet --version
+call dotnet restore WebJobs.Script.sln
+call dotnet build WebJobs.Script.sln
+REM call dotnet test WebJobs.Script.sln --no-build

src/WebJobs.Script.Scaling/AppServiceSettings.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Linq;
 using Microsoft.Win32;
 
 namespace Microsoft.Azure.WebJobs.Script.Scaling
@@ -259,19 +260,31 @@ public static byte[] RuntimeEncryptionKey
             {
                 if (_runtimeEncryptionKey == null)
                 {
-                    var value = Environment.GetEnvironmentVariable("WEBSITE_ENCRYPTION_KEY");
+                    var value = Environment.GetEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY");
                     if (string.IsNullOrEmpty(value))
                     {
-                        throw new InvalidOperationException("MIssing WEBSITE_ENCRYPTION_KEY environment variable");
+                        throw new InvalidOperationException("Missing WEBSITE_AUTH_ENCRYPTION_KEY environment variable");
                     }
 
                     try
                     {
-                        _runtimeEncryptionKey = Convert.FromBase64String(value);
+                        // only support 32 bytes (256 bits) key length
+                        // either hex or base64 string format
+                        if (value.Length == 64)
+                        {
+                            _runtimeEncryptionKey = Enumerable.Range(0, value.Length)
+                                             .Where(x => x % 2 == 0)
+                                             .Select(x => Convert.ToByte(value.Substring(x, 2), 16))
+                                             .ToArray();
+                        }
+                        else
+                        {
+                            _runtimeEncryptionKey = Convert.FromBase64String(value);
+                        }
                     }
                     catch (Exception ex)
                     {
-                        throw new InvalidOperationException(string.Format("Invalid base64 WEBSITE_ENCRYPTION_KEY environment variable '{0}'.", value), ex);
+                        throw new InvalidOperationException(string.Format("Invalid base64 WEBSITE_AUTH_ENCRYPTION_KEY environment variable '{0}'.", value), ex);
                     }
                 }
 

src/WebJobs.Script.Scaling/ScaleUtils.cs

@@ -109,24 +109,32 @@ public static string GetToken(DateTime expiredUtc)
                         cs.FlushFinalBlock();
                     }
 
-                    return string.Format("{0}.{1}", iv, Convert.ToBase64String(ms.ToArray()));
+                    return string.Format("{0}.{1}.{2}", iv, Convert.ToBase64String(ms.ToArray()), GetSHA256Base64String(aes.Key));
                 }
             }
         }
 
         public static void ValidateToken(string token)
         {
             var parts = token.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries);
-            if (parts.Length != 2)
+            if (parts.Length != 2 && parts.Length != 3)
             {
                 throw new ArgumentException("Malform encrypted data.");
             }
 
             var iv = Convert.FromBase64String(parts[0]);
             var data = Convert.FromBase64String(parts[1]);
+            var base64KeyHash = parts.Length == 3 ? parts[2] : null;
+
+            var encryptionKey = AppServiceSettings.RuntimeEncryptionKey;
+            if (!string.IsNullOrEmpty(base64KeyHash) && !string.Equals(GetSHA256Base64String(encryptionKey), base64KeyHash))
+            {
+                throw new InvalidOperationException(string.Format("Key with hash {0} does not exist.", base64KeyHash));
+            }
+
             using (var aes = new AesManaged())
             {
-                aes.Key = AppServiceSettings.RuntimeEncryptionKey;
+                aes.Key = encryptionKey;
 
                 using (var decrypter = aes.CreateDecryptor(aes.Key, iv))
                 using (var ms = new MemoryStream())
@@ -152,5 +160,13 @@ public static void ValidateToken(string token)
                 }
             }
         }
+
+        private static string GetSHA256Base64String(byte[] key)
+        {
+            using (var sha256 = new SHA256Managed())
+            {
+                return Convert.ToBase64String(sha256.ComputeHash(key));
+            }
+        }
     }
 }

test/WebJobs.Script.Scaling.Tests/AppServiceScaleManagerTests.cs

@@ -14,7 +14,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
     [Collection("Azure Test Collection")]
     public class AppServiceScaleManagerTests
     {
-        [Theory, MemberData("SupportedData")]
+        [Theory, MemberData(nameof(SupportedData))]
         public void SupportedTests(bool runtimeScaleEnabled, string storageConnectionString, string sku, bool expected)
         {
             AppServiceSettings.RuntimeScalingEnabled = runtimeScaleEnabled;

test/WebJobs.Script.Scaling.Tests/AppServiceWorkerTableTests.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
     [Collection("Azure Test Collection")]
     public class AppServiceWorkerTableTests
     {
-        [Theory, MemberData("TestStorageConnectionString")]
+        [Theory, MemberData(nameof(TestStorageConnectionString))]
         public async Task CRUDTests(string storageConnectionString, string siteName)
         {
             if (string.IsNullOrEmpty(storageConnectionString))
@@ -81,7 +81,7 @@ public async Task CRUDTests(string storageConnectionString, string siteName)
             }
         }
 
-        [Theory, MemberData("TestStorageConnectionString")]
+        [Theory, MemberData(nameof(TestStorageConnectionString))]
         public async Task GetSetManagerTests(string storageConnectionString, string siteName)
         {
             if (string.IsNullOrEmpty(storageConnectionString))
@@ -132,7 +132,7 @@ public async Task GetSetManagerTests(string storageConnectionString, string site
             }
         }
 
-        [Theory, MemberData("TestStorageConnectionString")]
+        [Theory, MemberData(nameof(TestStorageConnectionString))]
         public async Task LeaseBasicTests(string storageConnectionString, string siteName)
         {
             if (string.IsNullOrEmpty(storageConnectionString))
@@ -173,7 +173,7 @@ public async Task LeaseBasicTests(string storageConnectionString, string siteNam
             }
         }
 
-        [Theory, MemberData("TestStorageConnectionString")]
+        [Theory, MemberData(nameof(TestStorageConnectionString))]
         public async Task LeaseConflictTests(string storageConnectionString, string siteName)
         {
             if (string.IsNullOrEmpty(storageConnectionString))

test/WebJobs.Script.Scaling.Tests/EnsureManagerTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class EnsureManagerTests
     {
-        [Theory, MemberData("EnsureManagerData")]
+        [Theory, MemberData(nameof(EnsureManagerData))]
         public async Task BasicTests(IWorkerInfo worker, IWorkerInfo current, IEnumerable<IWorkerInfo> workers, IWorkerInfo expected)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/ProcessWorkItemTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class ProcessWorkItemTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(IWorkerInfo worker, IWorkerInfo current)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/RequestAddWorkerTests.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class RequestAddWorkerTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(int maxWorkers, IEnumerable<IWorkerInfo> workers, IWorkerInfo manager, bool force, bool expected)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/RequestRemoveWorkerTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class RequestRemoveWorkerTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(IWorkerInfo manager, IWorkerInfo toRemove)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/ScaleUtilsTests.cs

@@ -13,7 +13,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class ScaleUtilsTests
     {
-        [Theory, MemberData("WorkerEqualsData")]
+        [Theory, MemberData(nameof(WorkerEqualsData))]
         public void WorkerEqualsTests(IWorkerInfo src, IWorkerInfo dst, bool expected)
         {
             var actual = ScaleUtils.WorkerEquals(src, dst);
@@ -119,7 +119,7 @@ public void WorkersToDisplayStringTests()
         public void GetAndValidateTokenTests(DateTime expiredUtc, bool expected)
         {
             var encryptionKey = GenerateEncryptionKey();
-            using (new TestScopedEnvironmentVariable("WEBSITE_ENCRYPTION_KEY", Convert.ToBase64String(encryptionKey)))
+            using (new TestScopedEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY", Convert.ToBase64String(encryptionKey)))
             {
                 var token = ScaleUtils.GetToken(expiredUtc);
 

test/WebJobs.Script.Scaling.Tests/SetManagerTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class SetManagerTests
     {
-        [Theory, MemberData("SuccessfulSetData")]
+        [Theory, MemberData(nameof(SuccessfulSetData))]
         public async Task SuccessfulSetTests(IWorkerInfo worker, IWorkerInfo current)
         {
             var activityId = Guid.NewGuid().ToString();
@@ -60,7 +60,7 @@ public static IEnumerable<object[]> SuccessfulSetData
             }
         }
 
-        [Theory, MemberData("AlreadySetData")]
+        [Theory, MemberData(nameof(AlreadySetData))]
         public async Task AlreadySetTests(IWorkerInfo worker, IWorkerInfo current, IWorkerInfo other)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TryAddIfLoadFactorMaxWorkerTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TryAddIfLoadFactorMaxWorkerTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, IWorkerInfo loadFactorMaxWorker)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TryAddIfMaxBusyWorkerRatioTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TryAddIfMaxBusyWorkerRatioTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(double maxBusyWorkerRatio, IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, bool expected)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TryRemoveIfMaxFreeWorkerRatioTests.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TryRemoveIfMaxFreeWorkerRatioTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(double maxFreeWorkerRatio, IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, IWorkerInfo toRemove)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TryRemoveIfMaxWorkersTests.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TryRemoveIfMaxWorkersTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(int maxWorkers, IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, IEnumerable<IWorkerInfo> toRemoves)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TryRemoveSlaveWorkerTests.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TryRemoveSlaveWorkerTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, bool added, IWorkerInfo toRemove)
         {
             var activityId = Guid.NewGuid().ToString();

test/WebJobs.Script.Scaling.Tests/TrySwapIfLoadFactorMinWorkerTests.cs

@@ -11,7 +11,7 @@ namespace Microsoft.Azure.WebJobs.Script.Scaling.Tests
 {
     public class TrySwapIfLoadFactorMinWorkerTests
     {
-        [Theory, MemberData("BasicData")]
+        [Theory, MemberData(nameof(BasicData))]
         public async Task BasicTests(IWorkerInfo manager, IEnumerable<IWorkerInfo> workers, IWorkerInfo loadFactorMinWorker)
         {
             var activityId = Guid.NewGuid().ToString();