async public Task <IActionResult> Get(string path) { try { string[] pathParts = path.Split('/'); if (!this.User.GetScopes().Contains($"secrets-vault.{ pathParts[0] }") && !this.User.IsInRole(KnownRoles.SecretsVaultAdministrator)) { throw new StatusMessageException($"Unauthorized user or client \"{ this.User.GetUsernameOrClientId() }\""); //return Unauthorized(); } VaultSecretVersion secretVersion = await _secretsVaultManager.GetSecretVersion(path); return(new JsonResult( new { success = true, path = path, secret = secretVersion })); } catch (StatusMessageException sme) { return(new JsonResult( new { success = false, errorMessage = sme.Message })); } catch /*(Exception ex)*/ { return(new JsonResult( new { success = false, errorMessage = "Internal error." })); } }
async public Task <VaultSecretVersion> GetSecretVersion(string path) { if (_secretsVaultDb == null || _vaultSecrtesCryptoService == null) { throw new ArgumentException("Scretsvault not initialized. No SecretsVaultDbContext or VautlSecretCryptService definied"); } string[] pathParts = path.Split('/'); if (pathParts.Length < 2 || pathParts.Length > 3) { throw new StatusMessageException($"Invalid path: { path }"); } VaultSecretVersion secretVersion = null; if (pathParts.Length == 3) { if (!long.TryParse(pathParts[2], out long versionTimeStamp)) { throw new StatusMessageException($"Invalid version time stamp: { pathParts[2] }"); } secretVersion = await _secretsVaultDb.GetSecretVersionAsync(pathParts[0], pathParts[1], versionTimeStamp, CancellationToken.None); } else { secretVersion = (await _secretsVaultDb.GetVaultSecretVersionsAsync(pathParts[0], pathParts[1], CancellationToken.None)) .OrderByDescending(s => s.VersionTimeStamp) .FirstOrDefault(); } if (secretVersion == null) { throw new StatusMessageException($"Secret { path } not found"); } secretVersion.Secret = _vaultSecrtesCryptoService.DecryptText(secretVersion.Secret, Encoding.Unicode); return(secretVersion); }
async public Task <IActionResult> OnPostAsync() { return(await SecureHandlerAsync(async() => { await LoadCurrentSecretAsync(Input.LockerName, Input.SecretName); var inputSecret = Input.Secret.Trim(); if (!String.IsNullOrWhiteSpace(Input.Secret)) { var secretVersion = new VaultSecretVersion() { VersionTimeStamp = DateTime.UtcNow.Ticks, Secret = _vaultSecrtesCryptoService.EncryptText(Input.Secret, Encoding.Unicode) }; await _secretsVaultDb.CreateVaultSecretVersionAsync(this.LockerName, this.CurrentSecret.Name, secretVersion, CancellationToken.None); } } , onFinally : () => RedirectToPage(new { id = Input.SecretName, locker = Input.LockerName }) , successMessage : "Secret version created successfully")); }
async public Task <bool> CreateVaultSecretVersionAsync(string lockerName, string valutSecretName, VaultSecretVersion vaultSecretVersion, CancellationToken cancellationToken) { if (String.IsNullOrWhiteSpace(lockerName)) { throw new StatusMessageException("Invalid locker name"); } if (String.IsNullOrWhiteSpace(valutSecretName)) { throw new StatusMessageException("Invalid secret name"); } var diLocker = new DirectoryInfo($"{ _rootPath }/{ lockerName }"); if (!diLocker.Exists) { throw new StatusMessageException($"Locker { lockerName } not exists"); } var diSecret = new DirectoryInfo($"{ diLocker.FullName }/{ valutSecretName }"); if (!diSecret.Exists) { throw new StatusMessageException($"Secret { lockerName } not exists"); } var fi = new FileInfo($"{ diSecret.FullName }/{ vaultSecretVersion.VersionTimeStamp }.secret"); if (fi.Exists) { throw new StatusMessageException($"This version { vaultSecretVersion.VersionTimeStamp } already exists"); } byte[] buffer = Encoding.UTF8.GetBytes( _cryptoService.EncryptText(_blobSerializer.SerializeObject(vaultSecretVersion))); using (var fs = new FileStream(fi.FullName, FileMode.OpenOrCreate, FileAccess.Write, FileShare.None, buffer.Length, true)) { await fs.WriteAsync(buffer, 0, buffer.Length); } return(true); }