async public Task <IActionResult> Get(string path)
{
try
{
string[] pathParts = path.Split('/');
if (!this.User.GetScopes().Contains($"secrets-vault.{ pathParts[0] }") &&
!this.User.IsInRole(KnownRoles.SecretsVaultAdministrator))
{
throw new StatusMessageException($"Unauthorized user or client \"{ this.User.GetUsernameOrClientId() }\"");
//return Unauthorized();
}
VaultSecretVersion secretVersion = await _secretsVaultManager.GetSecretVersion(path);
return(new JsonResult(
new
{
success = true,
path = path,
secret = secretVersion
}));
}
catch (StatusMessageException sme)
{
return(new JsonResult(
new
{
success = false,
errorMessage = sme.Message
}));
}
catch /*(Exception ex)*/
{
return(new JsonResult(
new
{
success = false,
errorMessage = "Internal error."
}));
}
}
async public Task <VaultSecretVersion> GetSecretVersion(string path)
{
if (_secretsVaultDb == null || _vaultSecrtesCryptoService == null)
{
throw new ArgumentException("Scretsvault not initialized. No SecretsVaultDbContext or VautlSecretCryptService definied");
}
string[] pathParts = path.Split('/');
if (pathParts.Length < 2 || pathParts.Length > 3)
{
throw new StatusMessageException($"Invalid path: { path }");
}
VaultSecretVersion secretVersion = null;
if (pathParts.Length == 3)
{
if (!long.TryParse(pathParts[2], out long versionTimeStamp))
{
throw new StatusMessageException($"Invalid version time stamp: { pathParts[2] }");
}
secretVersion = await _secretsVaultDb.GetSecretVersionAsync(pathParts[0], pathParts[1], versionTimeStamp, CancellationToken.None);
}
else
{
secretVersion = (await _secretsVaultDb.GetVaultSecretVersionsAsync(pathParts[0], pathParts[1], CancellationToken.None))
.OrderByDescending(s => s.VersionTimeStamp)
.FirstOrDefault();
}
if (secretVersion == null)
{
throw new StatusMessageException($"Secret { path } not found");
}
secretVersion.Secret =
_vaultSecrtesCryptoService.DecryptText(secretVersion.Secret, Encoding.Unicode);
return(secretVersion);
}
async public Task <IActionResult> OnPostAsync()
{
return(await SecureHandlerAsync(async() =>
{
await LoadCurrentSecretAsync(Input.LockerName, Input.SecretName);
var inputSecret = Input.Secret.Trim();
if (!String.IsNullOrWhiteSpace(Input.Secret))
{
var secretVersion = new VaultSecretVersion()
{
VersionTimeStamp = DateTime.UtcNow.Ticks,
Secret = _vaultSecrtesCryptoService.EncryptText(Input.Secret, Encoding.Unicode)
};
await _secretsVaultDb.CreateVaultSecretVersionAsync(this.LockerName, this.CurrentSecret.Name, secretVersion, CancellationToken.None);
}
}
, onFinally : () => RedirectToPage(new { id = Input.SecretName, locker = Input.LockerName })
, successMessage : "Secret version created successfully"));
}
async public Task <bool> CreateVaultSecretVersionAsync(string lockerName, string valutSecretName, VaultSecretVersion vaultSecretVersion, CancellationToken cancellationToken)
{
if (String.IsNullOrWhiteSpace(lockerName))
{
throw new StatusMessageException("Invalid locker name");
}
if (String.IsNullOrWhiteSpace(valutSecretName))
{
throw new StatusMessageException("Invalid secret name");
}
var diLocker = new DirectoryInfo($"{ _rootPath }/{ lockerName }");
if (!diLocker.Exists)
{
throw new StatusMessageException($"Locker { lockerName } not exists");
}
var diSecret = new DirectoryInfo($"{ diLocker.FullName }/{ valutSecretName }");
if (!diSecret.Exists)
{
throw new StatusMessageException($"Secret { lockerName } not exists");
}
var fi = new FileInfo($"{ diSecret.FullName }/{ vaultSecretVersion.VersionTimeStamp }.secret");
if (fi.Exists)
{
throw new StatusMessageException($"This version { vaultSecretVersion.VersionTimeStamp } already exists");
}
byte[] buffer = Encoding.UTF8.GetBytes(
_cryptoService.EncryptText(_blobSerializer.SerializeObject(vaultSecretVersion)));
using (var fs = new FileStream(fi.FullName, FileMode.OpenOrCreate,
FileAccess.Write, FileShare.None, buffer.Length, true))
{
await fs.WriteAsync(buffer, 0, buffer.Length);
}
return(true);
}
