Example #1
        /// <summary>
        /// Produces the string form of an HMAC secret for storage, protected with the given
        /// encryption key when one is supplied.
        /// </summary>
        /// <param name="hmac">The HMAC signature algorithm whose key bytes are decoded as UTF-8.</param>
        /// <param name="encryptionKey">
        /// The key handed to the string protector factory. <see cref="SharedSecretEncryptionKey.Empty"/>
        /// means the secret is returned without protection.
        /// </param>
        /// <param name="isEncrypted">
        /// Set to <c>true</c> when the returned value went through the protector, <c>false</c> when it is
        /// the plain secret. Callers need this flag to know how to read the value back.
        /// </param>
        /// <returns>The protected secret, or the plain secret when no encryption key is configured.</returns>
        private string GetParameterWithEncryption(HMACSignatureAlgorithm hmac, SharedSecretEncryptionKey encryptionKey, out bool isEncrypted)
        {
            // The key bytes are decoded as UTF-8; bytes that are not valid UTF-8 would not survive this
            // round trip. NOTE(review): presumably the key always originates from a UTF-8 string - confirm.
            var plainSecret = Encoding.UTF8.GetString(hmac.Key);

            isEncrypted = !(encryptionKey == SharedSecretEncryptionKey.Empty);

            if (!isEncrypted)
            {
                // No encryption key configured: the shared secret leaves this method in plain text.
                return plainSecret;
            }

            return _stringProtectorFactory
                .CreateSymmetric(encryptionKey)
                .Protect(plainSecret);
        }
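        /// <summary>
        /// Migrates every stored client record whose version is missing or lower than 2: protects the
        /// HMAC parameter when a shared secret encryption key is configured, fills in missing option
        /// values, sets the version to the value of <c>ClientDataRecordV2.GetV()</c> and writes the
        /// record back.
        /// </summary>
        /// <remarks>
        /// All records are loaded and filtered in memory, then replaced one at a time. A failure part-way
        /// through leaves the records handled so far already replaced. The
        /// <c>IsParameterEncrypted</c> flag is checked before protecting, so a parameter that is already
        /// marked as encrypted is not protected a second time.
        /// </remarks>
        /// <returns>A task that completes once every selected record has been replaced.</returns>
        public async Task Run()
        {
            var collection = _lazyCollection.Value;
            var encryptionKey = _mongoDbClientStoreSettings.SharedSecretEncryptionKey;

            var cursor = await collection
                .FindAsync(FilterDefinition<ClientDataRecordV2>.Empty)
                .ConfigureAwait(continueOnCapturedContext: false);
            var storedClients = await cursor.ToListAsync().ConfigureAwait(continueOnCapturedContext: false);

            // Only records without a version, or with a version below 2, still need this migration.
            var clientsToMigrate = storedClients
                .Where(c => !c.V.HasValue || c.V.Value < 2)
                .ToList();

            foreach (var clientToMigrate in clientsToMigrate)
            {
                // Encrypt parameter, if needed:
                // - Encryption should be enabled
                // - It should not have been encrypted before
                // - Only applicable for HMAC signature algorithms (the only supported symmetric key algorithm)
                var signatureAlgorithm = clientToMigrate.SignatureAlgorithm;
                if (encryptionKey != SharedSecretEncryptionKey.Empty &&
                    signatureAlgorithm.Type.Equals("hmac", StringComparison.OrdinalIgnoreCase) &&
                    !signatureAlgorithm.IsParameterEncrypted)
                {
                    var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey);
                    signatureAlgorithm.Parameter = protector.Protect(signatureAlgorithm.Parameter);

                    // Set the flag together with the value, so readers never treat cipher text as the secret.
                    signatureAlgorithm.IsParameterEncrypted = true;
                }

                // Fill in RequestTargetEscaping, if it is missing. A value that is already stored is kept:
                // overwriting it would change how the request target is escaped for that client.
                clientToMigrate.RequestTargetEscaping = clientToMigrate.RequestTargetEscaping ?? ClientOptions.Default.RequestTargetEscaping.ToString();

                // Fill in ClockSkew, if it is missing
                clientToMigrate.ClockSkew = clientToMigrate.ClockSkew ?? ClientOptions.Default.ClockSkew.TotalSeconds;

                // Fill in NonceLifetime, if it is missing, and drop obsolete NonceExpiration value
#pragma warning disable 618
                clientToMigrate.NonceLifetime   = clientToMigrate.NonceLifetime ?? clientToMigrate.NonceExpiration ?? ClientOptions.Default.NonceLifetime.TotalSeconds;
                clientToMigrate.NonceExpiration = null;
#pragma warning restore 618

                // Update version
                clientToMigrate.V = ClientDataRecordV2.GetV();

                // Store migrated client. IsUpsert = false: a record that no longer exists is not re-created.
                await collection
                    .ReplaceOneAsync(record => record.Id == clientToMigrate.Id, clientToMigrate, new ReplaceOptions { IsUpsert = false })
                    .ConfigureAwait(continueOnCapturedContext: false);
            }
        }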