Beispiel #1
0
        /// <summary>
        /// Gets an encrypted string settings from the sitekeyconfig.json file.
        ///
        /// Prevents memory based attacks to extract any sensitive keys in cache.
        /// </summary>
        /// <param name="path"></param>
        /// <param name="defaultfallback">The default value if it does not exist</param>
        /// <returns></returns>
        public static string GetEncryptedString(string path, string defaultfallback = "")
        {
            InitializeProtectedAppSettings();

            // Check cache
            string hashedPath = SHA256Hash.Hash(path);

            if (DataCache.ContainsKey(hashedPath))
            {
                return(AES256Hash.DecryptString(path, DataCache[hashedPath])); // decrypt with real path independent of the hashed path key.
            }
            return(null);
        }
Beispiel #2
0
        private static void RecursivelyLoadJsonSettings(JObject JsonObject, JProperty JsonProperty)
        {
            foreach (JToken token in JsonProperty == null ? JsonObject.Children() : JsonProperty.Children())
            {
                if (token.Type == JTokenType.Property)
                {
                    RecursivelyLoadJsonSettings(null, (JProperty)token);
                }
                else if (token.Type == JTokenType.Object)
                {
                    RecursivelyLoadJsonSettings((JObject)token, null);
                }
                else
                {
                    if (token.Type == JTokenType.String)
                    {
                        string path  = token.Path.Replace(".", "/");
                        string value = (string)token;

                        DataCache.Add(SHA256Hash.Hash(path), AES256Hash.EncryptString(path, value)); // encrypt with real path independent of the hashed path key.
                    }
                }
            }
        }