public AdmPwd.PDS.KeyStore.KeyData GetPublicKey(uint KeyID)
{
if (!_keys.Keys.Contains(KeyID))
{
throw new ArgumentException(string.Format("Key with this ID does not exist: {0}", KeyID));
}
if (_keys[KeyID] == null)
{
return(null);
}
using (var csp = new RSACryptoServiceProvider(new CspParameters {
Flags = CspProviderFlags.UseMachineKeyStore
}))
{
csp.ImportCspBlob(_keys[KeyID].Key);
byte[] pubKey = csp.ExportCspBlob(false);
VaultKeyData pubKeyData = new VaultKeyData(KeyID, pubKey, _keys[KeyID].Area);
AdmPwd.PDS.KeyStore.KeyData retVal = new KeyStore.KeyData();
retVal.ID = KeyID;
retVal.Key = pubKeyData.ToString();
retVal.Size = csp.KeySize;
retVal.Type = "CryptoAPI_RSA";
return(retVal);
}
}
public string Decrypt(uint keyID, string EncryptedPwd)
{
using (var csp = new RSACryptoServiceProvider(new CspParameters {
Flags = CspProviderFlags.UseMachineKeyStore
}))
{
VaultKeyData privKey = _keys[keyID];
csp.ImportCspBlob(privKey.Key);
byte[] decryptedData = null;
decryptedData = csp.Decrypt(Convert.FromBase64String(EncryptedPwd), true);
return(System.Text.UnicodeEncoding.Unicode.GetString(decryptedData)); // decrypted password
}
}
public string Encrypt(ref uint keyID, string plainTextPwd)
{
using (var csp = new RSACryptoServiceProvider(new CspParameters {
Flags = CspProviderFlags.UseMachineKeyStore
}))
{
if (keyID == 0)
{
keyID = _keys.Keys.Max();
}
VaultKeyData key = _keys[keyID];
csp.ImportCspBlob(key.Key);
byte[] encryptedData = null;
encryptedData = csp.Encrypt(System.Text.Encoding.Unicode.GetBytes(plainTextPwd), true);
return($"{Convert.ToBase64String(encryptedData)}");
}
}
public uint GenerateKeyPair(int KeySize)
{
CspParameters CSPParam = new CspParameters();
CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
UInt32 KeyID = 1;
if (_keys.Keys.Count > 0)
{
KeyID = _keys.Keys.Max <UInt32>() + 1;
}
using (var csp = new RSACryptoServiceProvider(KeySize, CSPParam))
{
var privKey = new VaultKeyData(KeyID, csp.ExportCspBlob(true), _area);
AzureKeyVault.SecretUpdate.SecretUpdate privSecret = privKey.ToSecretUpdate();
SaveSecret(privSecret, (Guid.NewGuid().ToString())).Wait();
_keys.Add(KeyID, privKey);
return(KeyID);
}
}
protected async Task LoadKeys()
{
AuthenticationResult result = await Authenticate();
List <VaultKeyData> keys = new List <VaultKeyData>();
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
UriBuilder ub = new UriBuilder(_vaultUri);
ub.Path += "secrets";
//maxresults seems to be required by current version of API
ub.Query = "api-version=" + _apiVersion + "&maxresults=25";
HttpResponseMessage response = await client.GetAsync(ub.Uri);
if (!response.IsSuccessStatusCode)
{
throw new KeyStoreException(response.ReasonPhrase);
}
bool isAtEnd = false;
DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(AzureKeyVault.SecretList.SecretList));
DataContractJsonSerializer serializer2 = new DataContractJsonSerializer(typeof(AzureKeyVault.Secret.Secret));
do
{
AzureKeyVault.SecretList.SecretList secrets = null;
using (var data = await response.Content.ReadAsStreamAsync())
{
secrets = (AzureKeyVault.SecretList.SecretList)serializer.ReadObject(data);
}
if (secrets.value != null)
{
foreach (var secret in secrets.value)
{
UriBuilder ub2 = new UriBuilder(secret.id);
ub2.Query = "api-version=" + _apiVersion;
response = await client.GetAsync(ub2.Uri);
if (!response.IsSuccessStatusCode)
{
throw new KeyStoreException(response.ReasonPhrase);
}
using (var details = await response.Content.ReadAsStreamAsync())
{
AzureKeyVault.Secret.Secret sec = (AzureKeyVault.Secret.Secret)serializer2.ReadObject(details);
if (_area != null && string.Compare(_area, sec.tags.Area, true) != 0)
{
continue;
}
VaultKeyData key = new VaultKeyData(Convert.FromBase64String(sec.value), _area);
_keys.Add(key.Id, key);
}
}
}
if (secrets.nextLink != null)
{
response = await client.GetAsync(secrets.nextLink);
}
else
{
isAtEnd = true;
}
} while (!isAtEnd);
}
}
