public Credential CreateGlobalCredential(GlobalCredentialViewModel request)
{
if (!String.IsNullOrEmpty(request.PasswordSecret))
{
//get encryption key
var orgId = _organizationManager.GetDefaultOrganization().Id;
_organizationSettingRepository.ForceIgnoreSecurity();
var organizationKey = _organizationSettingRepository.Find(null, o => o.OrganizationId == orgId).Items.FirstOrDefault().EncryptionKey;
var applicationKey = _configuration.GetSection("ApplicationEncryption:Key").Value;
var encryptionKey = applicationKey + organizationKey;
//generate salt
request.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt
//generate hash
request.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, request.HashSalt);
// Encrypt and decrypt the sample text via the Aes256CbcEncrypter class.
request.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey);
}
Credential credential = new Credential();
credential = request.Map(request);
CredentialNameAvailability(credential);
if (!ValidateStartAndEndDates(credential))
{
throw new EntityOperationException("Start and End Date are not valid");
}
return(credential);
}
public string GetPassword(Credential request)
{
var encryptionKey = GetEncryptionKey();
string stringPassword = request.PasswordSecret;
if (String.IsNullOrEmpty(stringPassword))
{
return("");
}
if (!CredentialsEncrypter.IsBase64(request.PasswordSecret))//if encryption is not in base64
{
//encrypt existing password
request.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt
//generate hash
request.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, request.HashSalt);
//encrypt the provided password
request.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey);
_repo.Update(request);
return(stringPassword);
}
return(CredentialsEncrypter.Decrypt(request.PasswordSecret, encryptionKey));
}
public Credential CreateAgentCredential(AgentCredentialViewModel request)
{
if (!String.IsNullOrEmpty(request.PasswordSecret))
{
var encryptionKey = GetEncryptionKey();
//generate salt
request.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt
//generate hash
request.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, request.HashSalt);
// Encrypt and decrypt the sample text via the Aes256CbcEncrypter class.
request.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey);
}
Credential globalCredential = _repo.Find(null, a => a.Name == request.Name && a.AgentId == null).Items?.FirstOrDefault();
Credential agentCredential = request.Map(request);
if (globalCredential == null)
{
throw new EntityDoesNotExistException("No global credential exists with the given name");
}
CredentialNameAvailability(agentCredential);
if (!ValidateStartAndEndDates(agentCredential))
{
throw new EntityOperationException("Start and End Date are not valid");
}
agentCredential.Provider = globalCredential.Provider;
return(agentCredential);
}
public Credential UpdateCredential(string id, Credential request)
{
Guid entityId = new Guid(id);
var existingCredential = _repo.GetOne(entityId);
if (existingCredential == null)
{
throw new EntityDoesNotExistException("Credential could not be found or does not exist");
}
request.Id = entityId;
CredentialNameAvailability(request);
if (!ValidateStartAndEndDates(request))
{
throw new InvalidOperationException("");
}
existingCredential.StartDate = request.StartDate;
existingCredential.EndDate = request.EndDate;
existingCredential.Domain = request.Domain;
existingCredential.UserName = request.UserName;
existingCredential.Certificate = request.Certificate;
if (!String.IsNullOrEmpty(request.PasswordSecret))//password is not null or empty, then set a new password
{
var encryptionKey = GetEncryptionKey();
if (CredentialsEncrypter.IsBase64(existingCredential.PasswordSecret))//if encryption is in base64
{
existingCredential.PasswordSecret = CredentialsEncrypter.Decrypt(existingCredential.PasswordSecret, encryptionKey);
}
if (existingCredential.PasswordSecret != request.PasswordSecret)
{
//generate salt
existingCredential.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt
//generate hash
existingCredential.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, existingCredential.HashSalt);
//encrypt the provided password
existingCredential.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey);
}
}
if (request.PasswordSecret == "")//if password is an empty string, then remove password fields
{
existingCredential.HashSalt = null;
existingCredential.PasswordHash = null;
existingCredential.PasswordSecret = null;
}
return(existingCredential);
}
