public string Decrypt(uint keyID, string EncryptedPwd)
{
using (var csp = new RSACryptoServiceProvider(new CspParameters {
Flags = CspProviderFlags.UseMachineKeyStore
}))
{
KeyData privKey = _keys[keyID].PrivateKey;
csp.ImportCspBlob(privKey.key);
byte[] decryptedData = null;
decryptedData = csp.Decrypt(Convert.FromBase64String(EncryptedPwd), true);
return(System.Text.UnicodeEncoding.Unicode.GetString(decryptedData)); // decrypted password
}
}
protected async Task LoadKeys()
{
AuthenticationResult result = Authenticate();
List <KeyData> keys = new List <KeyData>();
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
UriBuilder ub = new UriBuilder(_vaultUri);
ub.Path += "secrets";
ub.Query = "api-version=" + _apiVersion + "&maxresults=25"; //maxresults seems to be required by API
HttpResponseMessage response = await client.GetAsync(ub.Uri);
if (!response.IsSuccessStatusCode)
{
throw new KeyStoreException(response.ReasonPhrase);
}
bool isAtEnd = false;
DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(SecretList.SecretList));
DataContractJsonSerializer serializer2 = new DataContractJsonSerializer(typeof(Secret.Secret));
do
{
SecretList.SecretList secrets = null;
using (var data = await response.Content.ReadAsStreamAsync())
{
secrets = (SecretList.SecretList)serializer.ReadObject(data);
}
foreach (var secret in secrets.value)
{
UriBuilder ub2 = new UriBuilder(secret.id);
ub2.Query = "api-version=" + _apiVersion;
response = await client.GetAsync(ub2.Uri);
if (!response.IsSuccessStatusCode)
{
throw new KeyStoreException(response.ReasonPhrase);
}
using (var details = await response.Content.ReadAsStreamAsync())
{
Secret.Secret sec = (Secret.Secret)serializer2.ReadObject(details);
if (_area != null && string.Compare(_area, sec.tags.Area, true) != 0)
{
continue;
}
KeyType keyType = KeyType.Private;
if (string.Compare(sec.tags.KeyType, "private", true) != 0)
{
keyType = KeyType.Public;
}
KeyData key = new KeyData(Convert.FromBase64String(sec.value), keyType, _area);
keys.Add(key);
}
}
if (secrets.nextLink != null)
{
response = await client.GetAsync(secrets.nextLink);
}
else
{
isAtEnd = true;
}
} while (!isAtEnd);
}
//now process loaded keys and construct key pairs
int i = keys.Count();
uint j = 1;
while (i > 0)
{
KeyData pubKey = keys.FirstOrDefault <KeyData>(x => x.Id == j && x.type == KeyType.Public);
if (pubKey != null)
{
i--;
}
KeyData privKey = keys.FirstOrDefault <KeyData>(x => x.Id == j && x.type == KeyType.Private);
if (privKey != null)
{
i--;
}
if (pubKey != null && privKey != null)
{
KeyPair pair = new KeyPair(pubKey, privKey);
_keys[j] = pair;
}
j++;
}
}
public KeyPair(KeyData PublicKey, KeyData PrivateKey)
{
_pubKey = PublicKey;
_privKey = PrivateKey;
}
protected async Task LoadKeys()
{
AuthenticationResult result = await Authenticate();
List<KeyData> keys = new List<KeyData>();
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
UriBuilder ub = new UriBuilder(_vaultUri);
ub.Path += "secrets";
ub.Query = "api-version=" + _apiVersion + "&maxresults=25"; //maxresults seems to be required by API
HttpResponseMessage response = await client.GetAsync(ub.Uri);
if (!response.IsSuccessStatusCode)
throw new KeyStoreException(response.ReasonPhrase);
bool isAtEnd = false;
DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(SecretList.SecretList));
DataContractJsonSerializer serializer2 = new DataContractJsonSerializer(typeof(Secret.Secret));
do
{
SecretList.SecretList secrets = null;
using (var data = await response.Content.ReadAsStreamAsync())
{
secrets = (SecretList.SecretList)serializer.ReadObject(data);
}
if (secrets.value != null)
{
foreach (var secret in secrets.value)
{
UriBuilder ub2 = new UriBuilder(secret.id);
ub2.Query = "api-version=" + _apiVersion;
response = await client.GetAsync(ub2.Uri);
if (!response.IsSuccessStatusCode)
throw new KeyStoreException(response.ReasonPhrase);
using (var details = await response.Content.ReadAsStreamAsync())
{
Secret.Secret sec = (Secret.Secret)serializer2.ReadObject(details);
if (_area != null && string.Compare(_area, sec.tags.Area, true) != 0)
continue;
KeyData key = new KeyData(Convert.FromBase64String(sec.value), _area);
_keys.Add(key.Id, key);
}
}
}
if (secrets.nextLink != null)
response = await client.GetAsync(secrets.nextLink);
else
isAtEnd = true;
} while (!isAtEnd);
}
}
public string GetPublicKey(uint KeyID)
{
if (!_keys.Keys.Contains(KeyID))
throw new ArgumentException(string.Format("Key with this ID does not exist: {0}", KeyID));
if (_keys[KeyID] == null)
return null;
using (var csp = new RSACryptoServiceProvider(new CspParameters { Flags = CspProviderFlags.UseMachineKeyStore }))
{
csp.ImportCspBlob(_keys[KeyID].key);
byte[] pubKey = csp.ExportCspBlob(false);
KeyData pubKeyData = new KeyData(KeyID, pubKey,_keys[KeyID].area);
return pubKeyData.ToString();
}
}
public uint GenerateKeyPair(int KeySize)
{
CspParameters CSPParam = new CspParameters();
CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
UInt32 KeyID = 1;
if (_keys.Keys.Count > 0)
KeyID = _keys.Keys.Max<UInt32>() + 1;
using (var csp = new RSACryptoServiceProvider(KeySize, CSPParam))
{
var privKey = new KeyData(KeyID, csp.ExportCspBlob(true), _area);
SecretUpdate.SecretUpdate privSecret = privKey.ToSecretUpdate();
SaveSecret(privSecret, (Guid.NewGuid().ToString())).Wait();
_keys.Add(KeyID, privKey);
return KeyID;
}
}
