Generate host/function secrets if missing

davidebbo · davidebbo · commit cce0419e545c · 2016-02-29T18:29:58.000-08:00
diff --git a/src/WebJobs.Script.WebHost/App_Start/AutofacBootstrap.cs b/src/WebJobs.Script.WebHost/App_Start/AutofacBootstrap.cs
@@ -55,6 +55,8 @@ internal static void Initialize(ContainerBuilder builder)
             builder.RegisterInstance<WebScriptHostManager>(scriptHostManager);
 
             SecretManager secretManager = new SecretManager(secretsPath);
+            // Make sure that host secrets get created on startup if they don't exist
+            secretManager.GetHostSecrets();
             builder.RegisterInstance<SecretManager>(secretManager);
 
             WebHookReceiverManager webHookRecieverManager = new WebHookReceiverManager(secretManager);
diff --git a/src/WebJobs.Script.WebHost/SecretManager.cs b/src/WebJobs.Script.WebHost/SecretManager.cs
@@ -5,6 +5,7 @@
 using System.Collections.Concurrent;
 using System.Globalization;
 using System.IO;
+using System.Security.Cryptography;
 using Newtonsoft.Json;
 
 namespace WebJobs.Script.WebHost
@@ -52,8 +53,14 @@ public virtual HostSecrets GetHostSecrets()
                 }
                 else
                 {
-                    // initialize with empty instance
-                    _hostSecrets = new HostSecrets();
+                    // initialize with new secrets and save it
+                    _hostSecrets = new HostSecrets
+                    {
+                        MasterKey = GenerateSecretString(),
+                        FunctionKey = GenerateSecretString()
+                    };
+
+                    File.WriteAllText(secretFilePath, JsonConvert.SerializeObject(_hostSecrets, Formatting.Indented));
                 }
             }
             return _hostSecrets;
@@ -81,14 +88,32 @@ public virtual FunctionSecrets GetFunctionSecrets(string functionName)
                 }
                 else
                 {
-                    // initialize with empty instance
-                    secrets = new FunctionSecrets();
+                    // initialize with new secrets and save it
+                    secrets = new FunctionSecrets
+                    {
+                        Key = GenerateSecretString()
+                    };
+
+                    File.WriteAllText(secretFilePath, JsonConvert.SerializeObject(secrets, Formatting.Indented));
                 }
 
                 return secrets;
             });
         }
 
+        static string GenerateSecretString()
+        {
+            using (var rng = RandomNumberGenerator.Create())
+            {
+                byte[] data = new byte[40];
+                rng.GetBytes(data);
+                string secret = Convert.ToBase64String(data);
+
+                // Replace pluses as they are problematic as URL values
+                return secret.Replace('+', 'a');
+            }
+        }
+
         private void OnChanged(object sender, FileSystemEventArgs e)
         {
             // clear the cached secrets if they exist
