private void HelperCryptCreate(IKeySetWriter writer, IKeySet keySet, string kspath,
IKeySet nonEncryptedKS = null, IKeySetWriter nonEncryptedWriter = null)
{
using (var ks = new MutableKeySet(nonEncryptedKS ?? keySet))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(nonEncryptedWriter ?? writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(nonEncryptedKS ?? keySet))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
using (var ks = new MutableKeySet(keySet))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(2));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(keySet))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "2.out"), ciphertext);
}
}
public void setUp()
{
oaepReader = new ImportedKeySet(Key.Read(KeyType.RsaPriv, BuildKey(oaepPaddingString)),
KeyPurpose.DecryptAndEncrypt);
pkcsReader = new ImportedKeySet(Key.Read(KeyType.RsaPriv, BuildKey(pkcsPaddingString)),
KeyPurpose.DecryptAndEncrypt);
}
public void Add(IKeySet theKeys)
{
DualKeySet keys = (DualKeySet)theKeys;
keys.ProducerKeys.ToList().ForEach(x => ProducerKeys.Add(x));
keys.ConsumerKeys.ToList().ForEach(x => ConsumerKeys.Add(x));
}
/// <summary>
/// Initializes a new instance of the <see cref="Signer" /> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <exception cref="InvalidKeySetException">This key set can not be used for signing and verifying.</exception>
public Signer(IKeySet keySet) : base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.SignAndVerify)
{
throw new InvalidKeySetException("This key set can not be used for signing and verifying.");
}
}
public void setUp()
{
oaepReader = new ImportedKeySet(Key.Read(KeyType.RsaPriv, BuildKey(oaepPaddingString)),
KeyPurpose.DecryptAndEncrypt);
pkcsReader = new ImportedKeySet(Key.Read(KeyType.RsaPriv, BuildKey(pkcsPaddingString)),
KeyPurpose.DecryptAndEncrypt);
}
public static IKeySet LayerSecurity(Func <IRootProviderKeySet> rootKeyetCreator,
params Func <IKeySet, ILayeredKeySet>[] layeredKeysetCreators)
{
IKeySet keyset = rootKeyetCreator();
return(layeredKeysetCreators.Aggregate(keyset, (current, layered) => layered(current)));
}
/// <summary>
/// Initializes a new instance of the <see cref="Signer" /> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <exception cref="InvalidKeySetException">This key set can not be used for signing and verifying.</exception>
public Signer(IKeySet keySet) : base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.SignAndVerify)
{
throw MakeInvalidKeySetTypeException();
}
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
_keySet = null;
}
}
public CertEncryptedKeySet(IKeySet keySet, Stream certStream, Func <string> passwordPrompt = null)
{
_keySet = keySet;
_certKeySet = ImportedKeySet.Import.Pkcs12Keys(KeyPurpose.DecryptAndEncrypt, certStream, passwordPrompt);
_crypter = new Crypter(_certKeySet);
_sessionPacker = new BsonSessionKeyPacker();
}
public static bool ExportAsPkcs12(this IKeySet keySet, string location, Func <string> passwordPrompt)
{
Directory.CreateDirectory(Path.GetDirectoryName(location));
using (var stream = new FileStream(location, FileMode.Create))
{
return(ExportAsPkcs12(keySet, stream, passwordPrompt));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="Crypter"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public Crypter(IKeySet keySet)
: base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.DecryptAndEncrypt)
{
throw new InvalidKeySetException("This key set can not be used for decryption and encryption.");
}
}
public static Key GetPrimaryKey(this IKeySet keySet)
{
var version = keySet.Metadata.GetPrimaryKeyVersion();
return(version == null
? null
: keySet.GetKey(version.VersionNumber));
}
/// <summary>
/// Get's deep copy of Key from IKeyset
/// </summary>
/// <param name="keySet">The keyset.</param>
/// <param name="version">The version.</param>
/// <returns></returns>
public static Key GetKey(this IKeySet keySet, int version)
{
var keyData = keySet.GetKeyData(version);
var key = Key.Read(keySet.Metadata.KeyType, keyData);
keyData.Clear();
return(key);
}
/// <summary>
/// Initializes a new instance of the <see cref="Crypter"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public Crypter(IKeySet keySet)
: base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.DecryptAndEncrypt)
{
throw new InvalidKeySetException("This key set can not be used for decryption and encryption.");
}
}
/// <summary>
/// Initializes a new instance of the <see cref="Verifier" /> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <exception cref="InvalidKeySetException">This key set can not be used for verifying signatures.</exception>
public Verifier(IKeySet keySet) : base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.Verify &&
keySet.Metadata.Purpose != KeyPurpose.SignAndVerify)
{
throw new InvalidKeySetException("This key set can not be used for verifying signatures.");
}
}
public KeySetKey(IKeySet keySet)
{
KeySet = keySet;
var primaryKey = keySet.GetPrimaryKey();
KeyId = KeySet.Metadata.Name;
KeySize = primaryKey?.Size ?? -1;
CryptoProviderFactory.CustomCryptoProvider = new KeyzureCryptoProvider();
}
/// <summary>
/// Initializes a new instance of the <see cref="AttachedSigner" /> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <exception cref="InvalidKeySetException">This key set can not be used for verifying signatures.</exception>
public JwtVerifier(IKeySet keySet) : base(keySet)
{
if (keySet.Metadata.Purpose != KeyPurpose.Verify &&
keySet.Metadata.Purpose != KeyPurpose.SignAndVerify)
{
throw new InvalidKeySetException("This key set can not be used for verifying signatures.");
}
_verifier = new HelperAttachedJTWVerifier(keySet, this);
}
public void AddKeySet(IKeySet keySet)
{
if (_keySets.ContainsKey(keySet.Name))
{
IKeySet _;
_keySets.TryRemove(keySet.Name, out _);
}
_keySets.TryAdd(keySet.Name, keySet);
}
private bool disposedValue = false; // To detect redundant calls
protected virtual void Dispose(bool disposing)
{
if (!disposedValue)
{
if (disposing)
{
_keySet = _keySet.SafeDispose();
_password = _password.SafeDispose();
}
disposedValue = true;
}
}
private bool disposedValue = false; // To detect redundant calls
protected virtual void Dispose(bool disposing)
{
if (!disposedValue)
{
if (disposing)
{
_keySet = _keySet.SafeDispose();
_crypter = _crypter.SafeDispose();
}
disposedValue = true;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MutableKeySet"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public MutableKeySet(IKeySet keySet)
{
_metadata = keySet.Metadata;
foreach (var version in keySet.Metadata.Versions)
{
//Easy way to deep copy keys
var keyData = keySet.GetKeyData(version.VersionNumber);
var key = Key.Read(_metadata.KeyType, keyData);
keyData.Clear();
_keys.Add(version.VersionNumber, key);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MutableKeySet"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public MutableKeySet(IKeySet keySet)
{
_metadata = keySet.Metadata;
foreach (var version in keySet.Metadata.Versions)
{
//Easy way to deep copy keys
var keyData = keySet.GetKeyData(version.VersionNumber);
var key = Key.Read(_metadata.KeyType, keyData);
keyData.Clear();
_keys.Add(version.VersionNumber, key);
}
}
private bool disposedValue = false; // To detect redundant calls
protected virtual void Dispose(bool disposing)
{
if (!disposedValue)
{
if (disposing)
{
_crypter = _crypter.SafeDispose();
_certKeySet = _certKeySet.SafeDispose();
_keySet = _keySet.SafeDispose();
}
// TODO: free unmanaged resources (unmanaged objects) and override a finalizer below.
// TODO: set large fields to null.
disposedValue = true;
}
}
public CertEncryptedKeySet(IKeySet keySet, string thumbPrint)
{
var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false);
var cert = certCollection.OfType <X509Certificate2>().FirstOrDefault();
var privKey = cert?.GetRSAPrivateKey();
var keyParam = DotNetUtilities.GetRsaKeyPair(privKey).Private as RsaPrivateCrtKeyParameters;
var key = KeyFromBouncyCastle(keyParam);
_certKeySet = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt, "imported from X509Store");
_keySet = keySet;
_crypter = new Crypter(_certKeySet);
_sessionPacker = new BsonSessionKeyPacker();
}
/// <summary>
/// Initializes a new instance of the <see cref="Keyczar"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
protected Keyczar(IKeySet keySet)
{
var metadata = keySet.Metadata;
var versions = metadata
.Versions
.Select(v =>
{
var key = keySet.GetKey(v.VersionNumber);
return(Tuple.Create(key.GetKeyHash(), v, key));
})
.ToList();
_primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary);
_versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3);
_hashedKeys = HashKeys(versions);
_hashedFallbackKeys = HashedFallbackKeys(versions);
}
private void EnsureKeySet()
{
if (_keySet != null || _tupleKeySet != null)
{
return;
}
_whereClause = GetConstraint(_referencedTable);
if (_usesSingleKey)
{
_keySet = KeySetUtils.ReadKeySet(_referencedTable, _referencedKeyFields[0],
_whereClause, _referencedKeyFieldTypes[0],
_referencedKeyFieldIndices[0]);
}
else
{
_tupleKeySet = KeySetUtils.ReadTupleKeySet(_referencedTable, _referencedKeyFields,
_whereClause, _referencedKeyFieldTypes,
_referencedKeyFieldIndices);
}
}
public void Load()
{
_keySets.Clear();
if (Properties == null)
{
return;
}
string loadStr = Properties.Load();
if (string.IsNullOrEmpty(loadStr))
{
return;
}
string[] res = loadStr.Split(';');
foreach (string item in res)
{
IKeySet keySet = KeySet.FromString(item);
if (keySet == null)
{
continue;
}
var element = getUiElementByNameCallBack.Invoke(keySet.Name);
if (element == null)
{
continue;
}
keySet.UiElement = element;
_keySets.TryAdd(keySet.Name, keySet);
}
}
public override void Remove(IKeySet keys)
{
// zip
}
/// <summary>
/// Initializes a new instance of the <see cref="Keyczar"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
protected Keyczar(IKeySet keySet)
{
var metadata = keySet.Metadata;
var versions = metadata
.Versions
.Select(v =>
{
var key = keySet.GetKey(v.VersionNumber);
return Tuple.Create(key.GetKeyHash(), v, key);
})
.ToList();
_primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary);
_versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3);
_hashedKeys = HashKeys(versions);
_hashedFallbackKeys = HashedFallbackKeys(versions);
}
public KeyzureSigningCredentials(IKeySet keySet)
: base(new KeySetKey(keySet), Jwt.AlgForKey(keySet.GetPrimaryKey())?.ToString())
{
}
/// <summary>
/// Initializes a new instance of the <see cref="EncryptedKeySet"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <param name="crypter">The crypter.</param>
public EncryptedKeySet(IKeySet keySet, Crypter crypter)
{
_keySet = keySet;
_crypter = crypter;
}
public GetPrimary(IKeySet keySet) : base(keySet)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="AttachedSigner"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public AttachedSigner(IKeySet keySet) : base(keySet)
{
_signer = new AttachedSignerHelper(keySet, this);
}
/// <summary>
/// Initializes a new instance of the <see cref="AttachedSignerHelper"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public AttachedSignerHelper(IKeySet keySet, Keyczar parent)
: base(keySet)
{
Config = parent.Config;
}
/// <summary>
/// Initializes a new instance of the <see cref="VanillaVerifier"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public VanillaVerifier(IKeySet keySet) : base(keySet)
{
}
private void Add(KeyScheme scheme, IKeySet keys)
{
if (!keys.IsEmpty)
NewKeysetFor(scheme).Add(keys);
}
/// <summary>
/// Initializes a new instance of the <see cref="TimeoutVerifierHelper"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public TimeoutVerifierHelper(IKeySet keySet)
: base(keySet)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="HelperAttachedVerify"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
public HelperAttachedVerify(IKeySet keySet, KeyczarBase parent) : base(keySet)
{
_parent = parent;
}
public override int Run(string[] remainingArguments)
{
if (remainingArguments.Length > 0)
{
_message = remainingArguments[0];
if (_format == WireFormat.SignTimeout)
{
DateTime outDate;
if (remainingArguments.Length > 1 && DateTime.TryParse(remainingArguments[1], out outDate))
{
_expires = outDate;
}
else
{
throw new ConsoleHelpAsException("Missing or wrong format extra-parameter (expiration-datetime, ISO 8601 for sign-timeout)");
}
}
else if (_format == WireFormat.SignAttached)
{
if (remainingArguments.Length > 1)
{
_attachedHidden = remainingArguments[1];
}
}
}
IDisposable d1 = null;
IDisposable d2 = null;
IDisposable d3 = null;
IDisposable d4 = null;
IDisposable d5 = null;
IDisposable d6 = null;
IKeySet ks = ProduceKeySet(_location, _crypterLocation, _password, out d1, out d2, out d3);
IKeySet ks2 = ProduceKeySet(_location2, _crypterLocation2, _password2, out d4, out d5, out d6);
using (d1)
using (d2)
using (d3)
using (d4)
using (d5)
using (d6)
{
Stream inStream;
if (String.IsNullOrWhiteSpace(_message))
{
if (_password)
{
Console.WriteLine(Localized.MsgMessageFlagWithPassword);
return(-1);
}
if (_format == WireFormat.CryptSession || _format == WireFormat.CryptSignedSession)
{
Console.WriteLine(Localized.MsgMessageFlagSession);
return(-1);
}
inStream = Console.OpenStandardInput();
}
else if (_file)
{
inStream = File.OpenRead(_message);
}
else
{
inStream = new MemoryStream(Keyczar.Keyczar.RawStringEncoding.GetBytes(_message));
}
Stream outstream;
if (_binary)
{
if (String.IsNullOrWhiteSpace(_destination))
{
outstream = Console.OpenStandardOutput();
}
else
{
outstream = File.Open(_destination, FileMode.CreateNew);
}
}
else
{
outstream = new MemoryStream();
}
Stream outstream2 = null;
if ((_format == WireFormat.CryptSession || _format == WireFormat.CryptSignedSession) &&
String.IsNullOrWhiteSpace(_destination2))
{
Console.WriteLine(Localized.MsgRequiresDestination2);
return(-1);
}
else if (_binary & !String.IsNullOrWhiteSpace(_destination2))
{
outstream2 = File.Open(_destination2, FileMode.CreateNew);
}
else
{
outstream2 = new MemoryStream();
}
using (inStream)
using (outstream)
using (outstream2)
{
var err = TakeAction(ks, inStream, outstream, outstream2, ks2);
if (err != 0)
{
return(err);
}
if (!_binary)
{
EncodeData(outstream, _destination);
EncodeData(outstream2, _destination2);
}
}
}
return(0);
}
/// <summary>
/// Initializes a new instance of the <see cref="TimeoutVerifier" /> class.
/// </summary>
/// <param name="keySet">The key set.</param>
/// <param name="currentDateTime">The current date time provider.</param>
public TimeoutVerifier(IKeySet keySet, Func<DateTime> currentDateTime = null)
: base(keySet)
{
_verifier = new TimeoutVerifierHelper(keySet);
_currentDateTime = currentDateTime ?? (()=> DateTime.Now);
}
/**
* Match a producer/consumer keyset in the current scheme.
*
* @param producerKeys The producer keys.
* @param consumerKeys The consumer keys.
* @return True if a consumer using consumerKeys could receive a
* notification from a producer with producerKeys in this
* scheme.
*/
public bool Match(IKeySet producerKeys, IKeySet consumerKeys)
{
if (IsDual())
{
DualKeySet keys1 = (DualKeySet)producerKeys;
DualKeySet keys2 = (DualKeySet)consumerKeys;
return MatchKeys(keys1.ProducerKeys, keys2.ProducerKeys) &&
MatchKeys(keys2.ConsumerKeys, keys1.ConsumerKeys);
}
else if (Producer)
{
return MatchKeys((SingleKeySet)producerKeys,
(SingleKeySet)consumerKeys);
}
else
{
return MatchKeys((SingleKeySet)consumerKeys,
(SingleKeySet)producerKeys);
}
}
public override void Add(IKeySet keys)
{
throw new NotSupportedException ();
}
public IKeySet Subtract(IKeySet theKeys)
{
DualKeySet keys = (DualKeySet)theKeys;
return new DualKeySet(ProducerKeys.Except(keys.ProducerKeys),
ConsumerKeys.Except(keys.ConsumerKeys));
}
