Ejemplo n.º 1
        //TODO: look at injecting xapsoaprequest and encryption provider
        /// <summary>
        /// Asks the Tisam vault for a password through the "TisamVerify" SOAP call and
        /// stores the decrypted result on the supplied context.
        /// </summary>
        /// <param name="passwordContext">
        /// Supplies VaultUrl, VaultKey and VaultUserId for the request; its Password is overwritten.
        /// </param>
        /// <returns>The same context instance, with Password set (empty when no result node came back).</returns>
        /// <exception cref="XapException">Wraps any failure raised while calling the vault or decoding the reply.</exception>
        IXapPasswordContext IXapPasswordProvider.RetrievePassword(IXapPasswordContext passwordContext)
        {
            try
            {
                // SECURITY NOTE(review): RC4 is a deprecated stream cipher, and the key used to
                // decrypt the reply below is the same VaultKey that is sent in the request body
                // as "sKey". Confidentiality of the returned secret therefore rests on the
                // transport; nothing in this method checks that VaultUrl is an https endpoint.
                // `encryptor` is not declared here -- presumably a field of the enclosing class.
                encryptor = EncyptorFactory.Instance.LoadEncryptionProvider(EncryptorProviderType.Rc4);

                IXapSoapRequest tisamRequest = XapSoapRequest.Create("TisamVerify", passwordContext.VaultUrl)
                                               .AddBodyParameter("sKey", passwordContext.VaultKey)
                                               .AddBodyParameter("sUserID", passwordContext.VaultUserId);

                XmlDocument soapReply  = tisamRequest.ExecuteXmlRequest();
                XmlNode     resultNode = soapReply.SelectSingleNode("/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='VerifyResponse']/*[local-name()='VerifyResult'][1]");

                if (resultNode != null)
                {
                    // The result is base64 text whose decoded bytes are read as UTF-8 and then
                    // handed to the decryptor keyed with VaultKey.
                    string cipherText = Encoding.UTF8.GetString(Convert.FromBase64String(resultNode.InnerText));
                    passwordContext.Password = encryptor.EncryptionKey(passwordContext.VaultKey).Decrypt(cipherText);
                }
                else
                {
                    // A reply without a VerifyResult node is not treated as an error: the caller
                    // receives an empty password and has to detect that itself.
                    passwordContext.Password = string.Empty;
                }

                return passwordContext;
            }
            catch (Exception ex)
            {
                // Only the user id goes into the message; the key and password are kept out of it.
                throw new XapException($"Error retrieving password for {passwordContext.VaultUserId}", ex);
            }
        }
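        //TODO: create password factory for loading password providers, look at injecting
        /// <summary>
        /// Expands the bracketed placeholders ([user], [password], [dbHost], [dbName],
        /// [minPoolSize], [maxPoolSize], [port]) in dbConnectionContext.ConnectionString
        /// and writes the expanded string back onto the context.
        /// </summary>
        /// <remarks>
        /// Credentials come from the connection context when both UserName and Password are set;
        /// otherwise they are taken from pwdContext, which is built from the
        /// "{DbKey}.passwordProvider" configuration key when it has not been supplied.
        /// SECURITY NOTE(review): every value is substituted verbatim. A value containing ';' or '='
        /// (a vault-issued password, for instance) changes the meaning of the resulting connection
        /// string. Consider assembling it with a provider-specific DbConnectionStringBuilder, which
        /// quotes values. After this call the plaintext password is held in both
        /// dbConnectionContext.Password and dbConnectionContext.ConnectionString, so neither
        /// should be written to logs or error messages.
        /// </remarks>
        /// <returns>The expanded connection string.</returns>
        /// <exception cref="XapException">Wraps any failure raised while building the string.</exception>
        private string BuildConnectionString()
        {
            try {
                // [password] is only expanded when the [user] placeholder is present.
                if (dbConnectionContext.ConnectionString.Contains("[user]"))
                {
                    if (!string.IsNullOrEmpty(dbConnectionContext.UserName) && !string.IsNullOrEmpty(dbConnectionContext.Password))
                    {
                        dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[user]", dbConnectionContext.UserName);
                        dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[password]", dbConnectionContext.Password);
                    }
                    else
                    {
                        // No explicit credentials: fall back to the password context, resolving it
                        // from configuration the first time it is needed.
                        if (pwdContext == null)
                        {
                            pwdContext = PasswordContextBuilder.Create().PasswordContext($"{dbConnectionContext.DbKey}.passwordProvider");
                        }

                        dbConnectionContext.UserName = pwdContext.VaultUserId;
                        dbConnectionContext.Password = pwdContext.Password;

                        dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[user]", pwdContext.VaultUserId);
                        dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[password]", pwdContext.Password);
                    }
                }

                if (dbConnectionContext.ConnectionString.Contains("[dbHost]"))
                {
                    dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[dbHost]", dbConnectionContext.DbHost);
                }

                if (dbConnectionContext.ConnectionString.Contains("[dbName]"))
                {
                    dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[dbName]", dbConnectionContext.DbName);
                }

                if (dbConnectionContext.ConnectionString.Contains("[minPoolSize]"))
                {
                    dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[minPoolSize]", dbConnectionContext.MinPoolSize);
                }

                if (dbConnectionContext.ConnectionString.Contains("[maxPoolSize]"))
                {
                    dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[maxPoolSize]", dbConnectionContext.MaxPoolSize);
                }

                if (dbConnectionContext.ConnectionString.Contains("[port]"))
                {
                    dbConnectionContext.ConnectionString = dbConnectionContext.ConnectionString.Replace("[port]", dbConnectionContext.Port);
                }

                return(dbConnectionContext.ConnectionString);
            } catch (Exception ex) {
                // Keep the underlying failure as the inner exception so the cause (for example a
                // vault lookup error) is not lost. The message names only the DbKey, never the
                // connection string, which may already contain the password at this point.
                throw new XapException($"Error building connection string for {dbConnectionContext.DbKey}", ex);
            }
        }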
Ejemplo n.º 3
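        /// <summary>
        /// Resolves the password for a context the caller has already filled in by hand.
        /// A context cached under the same VaultUserId is returned as-is; otherwise the
        /// supplied context is used to retrieve the password and is then cached.
        /// </summary>
        /// <param name="xapPasswordContext">
        /// Caller-populated context carrying the provider type and vault settings.
        /// </param>
        /// <returns>The cached context, or the supplied context after password retrieval.</returns>
        IXapPasswordContext IXapPasswordContextBuilder.PasswordContext(IXapPasswordContext xapPasswordContext)
        {
            // The cache is keyed by VaultUserId alone, so on a hit the other settings of the
            // supplied context (provider, url, safe) are not compared with the cached entry.
            passwordContext = PasswordContextService.Instance.GetPasswordContext(xapPasswordContext.VaultUserId);

            if (passwordContext == null)
            {
                // GetPassword() takes no arguments and works on the passwordContext field, so the
                // caller-supplied context has to be placed there first. Without this assignment
                // the field is still null on a cache miss and a null entry would be cached.
                passwordContext = xapPasswordContext;

                GetPassword();

                PasswordContextService.Instance.AddPasswordContext(xapPasswordContext.VaultUserId, passwordContext);
            }
            return(passwordContext);
        }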
Ejemplo n.º 4
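        /// <summary>
        /// Fetches a password from the CyberArk endpoint with an HTTP GET and stores the
        /// "Content" value of the JSON reply on the supplied context.
        /// </summary>
        /// <param name="passwordContext">
        /// Supplies VaultUrl, VaultAppId, VaultSafe and VaultUserId; its Password is overwritten.
        /// </param>
        /// <returns>The same context instance with Password set.</returns>
        /// <exception cref="XapException">Wraps any failure raised while calling the vault or reading the reply.</exception>
        IXapPasswordContext IXapPasswordProvider.RetrievePassword(IXapPasswordContext passwordContext)
        {
            try {
                // Percent-encode each value so that characters such as '&', '=', '#' or spaces in
                // an app id, safe or user name cannot add or alter query parameters. Null values
                // still produce an empty parameter, as string.Format did before.
                // NOTE(review): callers that pass already-encoded values would now be encoded twice.
                string requestUrl = string.Format("AppId={0}&Safe={1}&Folder=Root&UserName={2}",
                                                  Uri.EscapeDataString(passwordContext.VaultAppId ?? string.Empty),
                                                  Uri.EscapeDataString(passwordContext.VaultSafe ?? string.Empty),
                                                  Uri.EscapeDataString(passwordContext.VaultUserId ?? string.Empty));

                // SECURITY NOTE(review): the lookup parameters travel in the URL of a GET request,
                // and nothing here checks that VaultUrl is an https endpoint. The response body
                // holds the secret, so jsonData must not be logged or placed in exception text.
                string  jsonData = GET(passwordContext.VaultUrl + requestUrl);
                JObject json     = JObject.Parse(jsonData);

                // Fail with an explicit reason instead of a NullReferenceException when the reply
                // has no "Content" member; the response itself is deliberately left out of the message.
                object content = json["Content"];
                if (content == null)
                {
                    throw new InvalidOperationException("Vault response did not contain a Content field");
                }
                passwordContext.Password = content.ToString();

                return(passwordContext);
            } catch (Exception ex) {
                throw new XapException($"Error retrieving password cyberark for {passwordContext.VaultUserId}", ex);
            }
        }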
Ejemplo n.º 5
        /// <summary>
        /// Builds (or returns from cache) a password context that uses the Tisam provider.
        /// Providers must be loaded before this is called.
        /// </summary>
        /// <param name="userId">Vault user id; also used as the configuration key and the cache key.</param>
        /// <param name="key">Stored on the context as VaultKey.</param>
        /// <param name="uri">Tisam uri, stored on the context as VaultUrl.</param>
        /// <returns>The cached context for <paramref name="userId"/>, or a new one after password retrieval.</returns>
        IXapPasswordContext IXapPasswordContextBuilder.PasswordContext(string userId, string key, string uri)
        {
            // The cache lookup uses userId only: on a hit, the key and uri arguments are
            // ignored and the previously cached context (with its password) is returned.
            passwordContext = PasswordContextService.Instance.GetPasswordContext(userId);
            if (passwordContext != null)
            {
                return passwordContext;
            }

            // Cache miss: populate a fresh context for the Tisam provider.
            passwordContext = PasswordFactory.Instance.PasswordContext();
            passwordContext.ConfigurationKey = userId;
            passwordContext.VaultUserId = userId;
            passwordContext.VaultUrl = uri;
            passwordContext.ProviderType = PasswordProviderType.Tisam;
            passwordContext.VaultKey = key;

            // Retrieve the password, then cache the context under the user id.
            GetPassword();
            PasswordContextService.Instance.AddPasswordContext(userId, passwordContext);

            return passwordContext;
        }
Ejemplo n.º 6
        /// <summary>
        /// Builds (or returns from cache) a password context that uses the CyberArk provider.
        /// Providers must be loaded before this is called.
        /// </summary>
        /// <param name="userId">Vault user id; also used as the configuration key and the cache key.</param>
        /// <param name="uri">Stored on the context as VaultUrl.</param>
        /// <param name="safe">Stored on the context as VaultSafe.</param>
        /// <param name="appId">Stored on the context as VaultAppId.</param>
        /// <returns>The cached context for <paramref name="userId"/>, or a new one after password retrieval.</returns>
        IXapPasswordContext IXapPasswordContextBuilder.PasswordContext(string userId, string uri, string safe, string appId)
        {
            // The cache lookup uses userId only: on a hit, the uri, safe and appId arguments
            // are ignored and the previously cached context (with its password) is returned.
            passwordContext = PasswordContextService.Instance.GetPasswordContext(userId);
            if (passwordContext != null)
            {
                return passwordContext;
            }

            // Cache miss: populate a fresh context for the CyberArk provider.
            passwordContext = PasswordFactory.Instance.PasswordContext();
            passwordContext.ConfigurationKey = userId;
            passwordContext.ProviderType = PasswordProviderType.CyberArk;
            passwordContext.VaultAppId = appId;
            passwordContext.VaultSafe = safe;
            passwordContext.VaultUrl = uri;
            passwordContext.VaultUserId = userId;

            // Retrieve the password, then cache the context under the user id.
            GetPassword();
            PasswordContextService.Instance.AddPasswordContext(userId, passwordContext);

            return passwordContext;
        }
Ejemplo n.º 7
        /// <summary>
        /// Builds (or returns from cache) a password context whose settings are read through
        /// the Get* helpers of this builder, described by the original author as a config-file lookup.
        /// </summary>
        /// <param name="configurationKey">Configuration key; also used as the cache key.</param>
        /// <returns>The cached context for the key, or a new one after password retrieval.</returns>
        IXapPasswordContext IXapPasswordContextBuilder.PasswordContext(string configurationKey)
        {
            passwordContext = PasswordContextService.Instance.GetPasswordContext(configurationKey);
            if (passwordContext != null)
            {
                return passwordContext;
            }

            // Cache miss: create a context and fill each vault setting from its helper.
            // ConfigurationKey is set first; presumably the helpers read it -- TODO confirm.
            passwordContext = PasswordFactory.Instance.PasswordContext();
            passwordContext.ConfigurationKey = configurationKey;
            passwordContext.ProviderType = GetProviderType();
            passwordContext.VaultAppId = GetVaultAppId();
            passwordContext.VaultKey = GetVaultKey();
            passwordContext.VaultSafe = GetVaultSafe();
            passwordContext.VaultUrl = GetVaultUri();
            passwordContext.VaultUserId = GetVaultUserId();

            // Retrieve the password, then cache the context under the configuration key.
            GetPassword();
            PasswordContextService.Instance.AddPasswordContext(configurationKey, passwordContext);

            return passwordContext;
        }
 /// <summary>
 /// Stores a password context in pwdContexts under the given configuration key.
 /// </summary>
 /// <param name="configurationKey">Key the context is stored under.</param>
 /// <param name="passwordContext">Context to store; it may already hold a retrieved password.</param>
 public void AddPasswordContext(string configurationKey, IXapPasswordContext passwordContext)
     => pwdContexts.AddItem(configurationKey, passwordContext);
Ejemplo n.º 9
 /// <summary>
 /// Passes a caller-populated password context to a newly created PasswordContextBuilder.
 /// </summary>
 /// <param name="passwordContext">Context handed to the builder.</param>
 /// <returns>Whatever the builder's PasswordContext call returns.</returns>
 public IXapPasswordContext PasswordContext(IXapPasswordContext passwordContext)
     => PasswordContextBuilder.Create().PasswordContext(passwordContext);
 /// <summary>
 /// Factory method: creates a connection-context builder bound to the given password context.
 /// </summary>
 /// <param name="passwordContext">Password context passed to the builder's constructor.</param>
 /// <returns>A new XapDbConnectionContextBuilder, exposed through its builder interface.</returns>
 public static IXapDbConnectionContextBuilder Create(IXapPasswordContext passwordContext)
     => new XapDbConnectionContextBuilder(passwordContext);
 /// <summary>
 /// Private constructor; keeps the supplied password context in pwdContext.
 /// </summary>
 /// <param name="passwordContext">Password context to keep; no null check is made here.</param>
 private XapDbConnectionContextBuilder(IXapPasswordContext passwordContext)
 {
     this.pwdContext = passwordContext;
 }
Ejemplo n.º 12
        /// <summary>
        /// Loads the provider matching passwordContext.ProviderType and replaces
        /// passwordContext with the context that provider returns.
        /// </summary>
        /// <remarks>
        /// passwordContext must already be populated: it is dereferenced before the provider is loaded.
        /// </remarks>
        public void GetPassword()
        {
            passwordContext = LoadPasswordProvider(passwordContext.ProviderType).RetrievePassword(passwordContext);
        }
Ejemplo n.º 13
 /// <summary>
 /// Copies the vault user id and password onto the connection context and creates a
 /// data provider from it.
 /// </summary>
 /// <param name="dbConnectionContext">Connection context; its UserName and Password are overwritten.</param>
 /// <param name="passwordContext">Source of VaultUserId and Password.</param>
 /// <returns>The provider returned by XapDb.Create for the updated context.</returns>
 public IXapDataProvider Db(IXapDbConnectionContext dbConnectionContext, IXapPasswordContext passwordContext)
 {
     // From here on the plaintext password is also held by the connection context, so that
     // object should be kept out of logs and diagnostics as well.
     dbConnectionContext.UserName = passwordContext.VaultUserId;
     dbConnectionContext.Password = passwordContext.Password;

     return XapDb.Create(dbConnectionContext);
 }