public HighAvailabilityViewModel(IDialogCoordinator dialogCoordinator, IShellExecuteProvider shellExecuteProvider, IAmsLicenseManager licenseManager, ILogger <HighAvailabilityViewModel> logger, INotifyModelChangedEventPublisher eventPublisher, DatabaseConfigurationOptions highAvailabilityOptions, DataProtectionOptions dataProtectionOptions, ICertificateSynchronizationProvider certSyncProvider, ISecretRekeyProvider rekeyProvider, SqlServerInstanceProvider sqlInstanceProvider, IScriptTemplateProvider scriptTemplateProvider, IWindowsServiceProvider windowsServiceProvider)
{
this.shellExecuteProvider = shellExecuteProvider;
this.licenseManager = licenseManager;
this.logger = logger;
this.dbOptions = highAvailabilityOptions;
this.dataProtectionOptions = dataProtectionOptions;
this.certSyncProvider = certSyncProvider;
this.dialogCoordinator = dialogCoordinator;
this.rekeyProvider = rekeyProvider;
this.sqlInstanceProvider = sqlInstanceProvider;
this.scriptTemplateProvider = scriptTemplateProvider;
this.windowsServiceProvider = windowsServiceProvider;
this.licenseManager.OnLicenseDataChanged += delegate
{
this.NotifyOfPropertyChange(nameof(this.IsEnterpriseEdition));
this.NotifyOfPropertyChange(nameof(this.ShowEnterpriseEditionBanner));
};
this.DisplayName = "High availability";
eventPublisher.Register(this);
this.isClusterCompatibleSecretEncryptionEnabled = this.dataProtectionOptions.EnableClusterCompatibleSecretEncryption;
}
public void ExpectBuilderAdditions(bool withClient)
{
var services = new List <ServiceDescriptor>();
builder.Setup(x => x.Services).Returns(svcCollection.Object);
svcCollection.Setup(x => x.GetEnumerator()).Returns(() => services.GetEnumerator());
svcCollection.Setup(x => x.Add(It.IsAny <ServiceDescriptor>()))
.Callback <ServiceDescriptor>(sd => { services.Add(sd); });
var config = new KmsXmlEncryptorConfig("keyId");
// Repeat call to ensure cumulative calls work
if (withClient)
{
builder.Object.ProtectKeysWithAwsKms(client.Object, config);
builder.Object.ProtectKeysWithAwsKms(client.Object, config);
}
else
{
builder.Object.ProtectKeysWithAwsKms(config);
builder.Object.ProtectKeysWithAwsKms(config);
}
Assert.Equal(withClient ? 1 : 0, services.Count(x => x.ServiceType == typeof(IAmazonKeyManagementService)));
// IConfigureOptions is designed & expected to be present multiple times, so expect two after two calls
Assert.Equal(2, services.Count(x => x.ServiceType == typeof(IConfigureOptions <KeyManagementOptions>)));
Assert.Equal(2, services.Count(x => x.ServiceType == typeof(IConfigureOptions <KmsXmlEncryptorConfig>)));
Assert.Equal(ServiceLifetime.Singleton, services.First(x => x.ServiceType == typeof(IConfigureOptions <KeyManagementOptions>)).Lifetime);
Assert.Equal(ServiceLifetime.Singleton, services.First(x => x.ServiceType == typeof(IConfigureOptions <KmsXmlEncryptorConfig>)).Lifetime);
provider.Setup(x => x.GetService(typeof(IAmazonKeyManagementService))).Returns(client.Object);
if (withClient)
{
Assert.Equal(ServiceLifetime.Singleton, services.Single(x => x.ServiceType == typeof(IAmazonKeyManagementService)).Lifetime);
Assert.Same(client.Object, services.Single(x => x.ServiceType == typeof(IAmazonKeyManagementService)).ImplementationInstance);
}
// Ensure we run equivalent config for the actual configuration object
var configureObject = services.First(x => x.ServiceType == typeof(IConfigureOptions <KmsXmlEncryptorConfig>)).ImplementationInstance;
var optionsObject = new KmsXmlEncryptorConfig();
((IConfigureOptions <KmsXmlEncryptorConfig>)configureObject).Configure(optionsObject);
provider.Setup(x => x.GetService(typeof(ILoggerFactory))).Returns(loggerFactory.Object);
provider.Setup(x => x.GetService(typeof(IOptions <KmsXmlEncryptorConfig>))).Returns(snapshot.Object);
provider.Setup(x => x.GetService(typeof(IOptions <DataProtectionOptions>))).Returns(dpSnapshot.Object);
loggerFactory.Setup(x => x.CreateLogger(typeof(KmsXmlEncryptor).FullName)).Returns(repository.Create <ILogger <KmsXmlEncryptor> >().Object);
snapshot.Setup(x => x.Value).Returns(optionsObject);
var dbOptions = new DataProtectionOptions();
dpSnapshot.Setup(x => x.Value).Returns(dbOptions);
var configure = services.First(x => x.ServiceType == typeof(IConfigureOptions <KeyManagementOptions>)).ImplementationFactory(provider.Object);
var options = new KeyManagementOptions();
((IConfigureOptions <KeyManagementOptions>)configure).Configure(options);
Assert.IsType <KmsXmlEncryptor>(options.XmlEncryptor);
}
public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions)
{
if (options.CookieName == null)
{
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
options.CookieName = ComputeCookieName(applicationId);
}
}
public ProtectedSecretProvider(IEncryptionProvider encryptionProvider, ICertificateProvider certificateProvider, RandomNumberGenerator rng, IOptions <DataProtectionOptions> dataProtectionOptions, IWindowsServiceProvider windowsServiceProvider, IAmsLicenseManager licenseManager)
{
this.encryptionProvider = encryptionProvider;
this.certificateProvider = certificateProvider;
this.rng = rng;
this.dataProtectionOptions = dataProtectionOptions.Value;
this.windowsServiceProvider = windowsServiceProvider;
this.licenseManager = licenseManager;
}
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
{
var myEncryptedString = "encrypted";
var myBase64EncryptedData = Convert.ToBase64String(Encoding.UTF8.GetBytes(myEncryptedString));
var myEncryptedXml = new XElement(ElementName, new XElement("value", myBase64EncryptedData));
var myOutputXml = new XElement(ElementName, "output");
using (var decryptedResponseStream = new MemoryStream())
{
myOutputXml.Save(decryptedResponseStream);
decryptedResponseStream.Seek(0, SeekOrigin.Begin);
var decryptResponse = new DecryptResponse
{
KeyId = KeyId,
Plaintext = decryptedResponseStream
};
var actualConfig = new KmsXmlEncryptorConfig
{
EncryptionContext = encryptionContext,
GrantTokens = grantTokens,
KeyId = KeyId,
DiscriminatorAsContext = useAppId,
HashDiscriminatorContext = hashAppId
};
var actualOptions = new DataProtectionOptions
{
ApplicationDiscriminator = appId
};
encryptConfig.Setup(x => x.Value).Returns(actualConfig);
dpOptions.Setup(x => x.Value).Returns(actualOptions);
kmsClient.Setup(x => x.DecryptAsync(It.IsAny <DecryptRequest>(), CancellationToken.None))
.ReturnsAsync(decryptResponse)
.Callback <DecryptRequest, CancellationToken>((dr, ct) =>
{
if (appId != null && useAppId)
{
Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, dr.EncryptionContext.Keys);
Assert.Equal(expectedAppId, dr.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
}
else
{
Assert.Same(encryptionContext, dr.EncryptionContext);
}
Assert.Same(grantTokens, dr.GrantTokens);
Assert.Equal(myEncryptedString, Encoding.UTF8.GetString(dr.CiphertextBlob.ToArray()));
});
var plaintextXml = decryptor.Decrypt(myEncryptedXml);
Assert.True(XNode.DeepEquals(myOutputXml, plaintextXml));
}
}
public CertificateSynchronizationProvider(RandomNumberGenerator rng, ILogger <CertificateSynchronizationProvider> logger, IOptionsMonitor <DataProtectionOptions> dataProtectionOptions, IProtectedSecretProvider secretProvider, ICertificatePermissionProvider certPermissionProvider, IAmsLicenseManager licenseManager)
: this(rng, logger, secretProvider, certPermissionProvider, licenseManager)
{
this.dataProtectionOptions = dataProtectionOptions.CurrentValue;
dataProtectionOptions.OnChange((o, s) =>
{
this.dataProtectionOptions = o;
this.ImportCertificatesFromConfig();
});
}
public DependencyModule(ILogger <DependencyModule> logger, SharedOptions sharedOptions,
StorageOptions storageOptions, DistributedCacheOptions distributedCacheOptions,
DataProtectionOptions dataProtectionOptions, ResponseCachingOptions responseCachingOptions)
{
_logger = logger;
_sharedOptions = sharedOptions;
_storageOptions = storageOptions;
_distributedCacheOptions = distributedCacheOptions;
_dataProtectionOptions = dataProtectionOptions;
_responseCachingOptions = responseCachingOptions;
}
public DependencyModule(
ILogger <DependencyModule> logger,
SharedOptions sharedOptions, CompaniesHouseOptions coHoOptions,
ResponseCachingOptions responseCachingOptions, DistributedCacheOptions distributedCacheOptions,
DataProtectionOptions dataProtectionOptions, BasicAuthenticationOptions basicAuthenticationOptions)
{
_logger = logger;
_sharedOptions = sharedOptions;
_coHoOptions = coHoOptions;
_responseCachingOptions = responseCachingOptions;
_distributedCacheOptions = distributedCacheOptions;
_dataProtectionOptions = dataProtectionOptions;
_basicAuthenticationOptions = basicAuthenticationOptions;
}
public LapsConfigurationViewModel(IDialogCoordinator dialogCoordinator, ICertificateProvider certificateProvider, IX509Certificate2ViewModelFactory certificate2ViewModelFactory, IWindowsServiceProvider windowsServiceProvider, ILogger <LapsConfigurationViewModel> logger, IShellExecuteProvider shellExecuteProvider, IDomainTrustProvider domainTrustProvider, IDiscoveryServices discoveryServices, IScriptTemplateProvider scriptTemplateProvider, ICertificatePermissionProvider certPermissionProvider, DataProtectionOptions dataProtectionOptions, INotifyModelChangedEventPublisher eventPublisher)
{
this.shellExecuteProvider = shellExecuteProvider;
this.certificateProvider = certificateProvider;
this.certificate2ViewModelFactory = certificate2ViewModelFactory;
this.dialogCoordinator = dialogCoordinator;
this.windowsServiceProvider = windowsServiceProvider;
this.logger = logger;
this.domainTrustProvider = domainTrustProvider;
this.discoveryServices = discoveryServices;
this.scriptTemplateProvider = scriptTemplateProvider;
this.dataProtectionOptions = dataProtectionOptions;
this.eventPublisher = eventPublisher;
this.Forests = new List <Forest>();
this.AvailableCertificates = new BindableCollection <X509Certificate2ViewModel>();
this.DisplayName = "Local admin passwords";
this.certPermissionProvider = certPermissionProvider;
}
public static void ConfigureOptions(CaptchaOptions options, DataProtectionOptions dataProtectionOptions)
{
if (null == options.FormField.Name)
{
options.FormField.Name = CaptchaOptions.DefaultFormField;
}
if (null == options.Cookie.Name)
{
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? String.Empty;
options.Cookie.Name = CaptchaOptions.DefaultCookiePrefix + GenerateCookieSuffix(applicationId);
}
if (false == options.Cookie.Expiration.HasValue)
{
options.Cookie.Expiration = TimeSpan.FromMinutes(15.0d);
}
if (TimeSpan.Zero >= options.Timeout)
{
options.Timeout = TimeSpan.FromMinutes(3.0d);
}
}
public KmsIntegrationTests()
{
// Expectation that local SDK has been configured correctly, whether via VS Tools or user config files
kmsClient = new AmazonKeyManagementServiceClient(RegionEndpoint.EUWest1);
var encryptConfig = new KmsXmlEncryptorConfig(KmsTestingKey);
dpOptions = new DataProtectionOptions {
ApplicationDiscriminator = ApplicationName
};
var encryptSnapshot = new DirectOptions <KmsXmlEncryptorConfig>(encryptConfig);
var dpSnapshot = new DirectOptions <DataProtectionOptions>(dpOptions);
var svcCollection = new ServiceCollection();
svcCollection.AddSingleton <IOptions <KmsXmlEncryptorConfig> >(sp => encryptSnapshot);
svcCollection.AddSingleton <IOptions <DataProtectionOptions> >(sp => dpSnapshot);
svcCollection.AddSingleton(sp => kmsClient);
svcProvider = svcCollection.BuildServiceProvider();
encryptor = new KmsXmlEncryptor(kmsClient, encryptSnapshot, dpSnapshot);
decryptor = new KmsXmlDecryptor(svcProvider);
}
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
{
var myInputXml = new XElement(ElementName, "input");
byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted");
var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData);
using (var encryptedResponseStream = new MemoryStream())
{
encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length);
encryptedResponseStream.Seek(0, SeekOrigin.Begin);
var encryptResponse = new EncryptResponse
{
KeyId = KeyId,
CiphertextBlob = encryptedResponseStream
};
var actualConfig = new KmsXmlEncryptorConfig
{
EncryptionContext = encryptionContext,
GrantTokens = grantTokens,
KeyId = KeyId,
DiscriminatorAsContext = useAppId,
HashDiscriminatorContext = hashAppId
};
var actualOptions = new DataProtectionOptions
{
ApplicationDiscriminator = appId
};
encryptConfig.Setup(x => x.Value).Returns(actualConfig);
dpOptions.Setup(x => x.Value).Returns(actualOptions);
kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None))
.ReturnsAsync(encryptResponse)
.Callback <EncryptRequest, CancellationToken>((er, ct) =>
{
if (appId != null && useAppId)
{
Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, er.EncryptionContext.Keys);
Assert.Equal(expectedAppId, er.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
}
else
{
Assert.Same(encryptionContext, er.EncryptionContext);
}
Assert.Same(grantTokens, er.GrantTokens);
var body = XElement.Load(er.Plaintext);
Assert.True(XNode.DeepEquals(myInputXml, body));
});
var encryptedXml = encryptor.Encrypt(myInputXml);
Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType);
var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value");
Assert.Equal(myBase64EncryptedData, encryptedBlob);
}
}
public CertificateSynchronizationProvider(RandomNumberGenerator rng, ILogger <CertificateSynchronizationProvider> logger, DataProtectionOptions dataProtectionOptions, IProtectedSecretProvider secretProvider, ICertificatePermissionProvider certPermissionProvider, IAmsLicenseManager licenseManager)
: this(rng, logger, secretProvider, certPermissionProvider, licenseManager)
{
this.dataProtectionOptions = dataProtectionOptions;
}
public AntiforgeryOptionsSetup(IOptions <DataProtectionOptions> dataProtectionOptions)
{
_dataProtectionOptions = dataProtectionOptions.Value;
}
public AntiForgeryMultitenantPostConfigureOptions(IHttpContextAccessor httpContextAccessor, IOptions <DataProtectionOptions> dataProtectionOptions)
{
_httpContextAccessor = httpContextAccessor;
_dataProtectionOptions = dataProtectionOptions.Value;
}
public static Dictionary <string, string> GetEncryptionContext(IKmsXmlEncryptorConfig config, DataProtectionOptions dpOptions)
{
var encryptionContext = config.EncryptionContext;
// Set the application discriminator as part of the context of encryption, given the intent of the discriminator
if (config.DiscriminatorAsContext && !string.IsNullOrEmpty(dpOptions.ApplicationDiscriminator))
{
encryptionContext = encryptionContext.ToDictionary(x => x.Key, x => x.Value);
var contextValue = dpOptions.ApplicationDiscriminator;
// Some application discriminators (like the defaults) leak sensitive file paths, so hash them
if (config.HashDiscriminatorContext)
{
using (var hasher = SHA256.Create())
{
contextValue = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(contextValue)));
}
}
encryptionContext[KmsConstants.ApplicationEncryptionContextKey] = contextValue;
}
return(encryptionContext);
}
/// <summary> Constructor. </summary>
/// <exception cref="ArgumentNullException"> Thrown when one or more required arguments are
/// null. </exception>
/// <param name="options"> Options for controlling the operation. </param>
public DataProtectionDataProvider(DataProtectionOptions options)
{
_options = options ?? throw new ArgumentNullException(nameof(options));
}
public AntiForgeryOptionsConfiguration(IOptions <DataProtectionOptions> dataProtectionOptions)
{
_dataProtectionOptions = dataProtectionOptions.Value;
}
