static void ReadMulticastFooter(int streamVersion, CKBinaryReader r, StreamLogType t, out string gId, out string mId, out int depth, out LogEntryType prevType, out DateTimeStamp prevTime)
{
if (streamVersion == 9)
{
gId = r.ReadString();
mId = r.ReadString();
depth = r.ReadNonNegativeSmallInt32();
Throw.CheckData(mId == GrandOutput.ExternalLogMonitorUniqueId || Base64UrlHelper.IsBase64UrlCharacters(mId));
}
else
{
gId = GrandOutput.UnknownGrandOutputId;
Debug.Assert(Guid.Empty.ToByteArray().Length == 16);
mId = streamVersion < 8 ? new Guid(r.ReadBytes(16)).ToString() : r.ReadString();
depth = streamVersion < 6 ? r.ReadInt32() : r.ReadNonNegativeSmallInt32();
if (streamVersion >= 8)
{
Throw.CheckData(mId == GrandOutput.ExternalLogMonitorUniqueId || Base64UrlHelper.IsBase64UrlCharacters(mId));
}
}
Throw.CheckData(gId == GrandOutput.UnknownGrandOutputId || Base64UrlHelper.IsBase64UrlCharacters(gId));
Throw.CheckData(depth >= 0);
prevType = LogEntryType.None;
prevTime = DateTimeStamp.Unknown;
if ((t & StreamLogType.IsPreviousKnown) != 0)
{
prevTime = new DateTimeStamp(DateTime.FromBinary(r.ReadInt64()), (t & StreamLogType.IsPreviousKnownHasUniquifier) != 0 ? r.ReadByte() : (Byte)0);
prevType = (LogEntryType)r.ReadByte();
}
}
public string EncodeCompact()
{
string ret = encoded_header + ".";
if (encrypted_key != null)
{
ret += Base64UrlHelper.Encode(encrypted_key);
}
ret += ".";
if (init_vector != null)
{
ret += Base64UrlHelper.Encode(init_vector);
}
ret += ".";
if (ciphertext != null)
{
ret += Base64UrlHelper.Encode(ciphertext);
}
ret += ".";
if (auth_tag != null)
{
ret += Base64UrlHelper.Encode(auth_tag);
}
return(ret);
}
/// <summary>
/// Encrypt SD data with exchange key.
/// </summary>
/// <param name="plaintextList"></param>
/// <param name="cert">Exchange key</param>
/// <returns></returns>
public SecurityDomainRestoreData EncryptForRestore(PlaintextList plaintextList, X509Certificate2 cert)
{
try
{
SecurityDomainRestoreData securityDomainRestoreData = new SecurityDomainRestoreData();
securityDomainRestoreData.EncData.kdf = "sp108_kdf";
byte[] master_key = Utils.GetRandom(32);
foreach (Plaintext p in plaintextList.list)
{
Datum datum = new Datum();
HMACSHA512 hmac = new HMACSHA512();
byte[] enc_key = KDF.sp800_108(master_key, p.tag, "", hmac, 512);
datum.tag = p.tag;
JWE jwe = new JWE();
jwe.Encrypt(enc_key, p.plaintext, "A256CBC-HS512", p.tag);
datum.compact_jwe = jwe.EncodeCompact();
securityDomainRestoreData.EncData.data.Add(datum);
}
// Now go make the wrapped key
JWE jwe_wrapped = new JWE();
jwe_wrapped.Encrypt(cert, master_key);
securityDomainRestoreData.WrappedKey.enc_key = jwe_wrapped.EncodeCompact();
securityDomainRestoreData.WrappedKey.x5t_256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
return(securityDomainRestoreData);
}
catch (Exception ex)
{
throw new Exception("Failed to encrypt security domain data for restoring.", ex);
}
}
private string CreateJwk(RSAParameters rsaKeyInfo, out string keyId)
{
string modulus = Base64UrlHelper.Encode(rsaKeyInfo.Modulus);
string exp = Base64UrlHelper.Encode(rsaKeyInfo.Exponent);
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(modulus + exp));
StringBuilder hex = new StringBuilder(hash.Length * 2);
for (int i = 0; i < hash.Length; ++i)
{
hex.AppendFormat("{0:x2}", hash[i]);
}
keyId = hex.ToString();
Dictionary <string, object> jwk = new Dictionary <string, object>
{
{ "kty", "RSA" },
{ "kid", keyId },
{ "n", modulus },
{ "e", exp }
};
return(JsonConvert.SerializeObject(jwk));
}
public static string GetClaimsChallenge(HttpResponseMessage response)
{
return(ParseWwwAuthenticate(response)?
.Where((p) => string.Equals(p.Item1, "claims", StringComparison.OrdinalIgnoreCase))
.Select(p => Base64UrlHelper.DecodeToString(p.Item2))
.FirstOrDefault());
}
public void LoadKey(KeyPath path)
{
CertKey certKey = new CertKey();
certKey.Load(path);
string encodedThumbprint = Base64UrlHelper.Encode(certKey.GetThumbprint());
_keys.Add(encodedThumbprint, certKey);
}
public void EncodeHeader()
{
string header_json = JsonConvert.SerializeObject(
protected_header,
Formatting.None,
new JsonSerializerSettings {
NullValueHandling = NullValueHandling.Ignore
});
encoded_header = Base64UrlHelper.Encode(header_json);
}
public AcrToken(string token)
{
_token = token;
string decodedToken = Base64UrlHelper.DecodeToString(_token.Split('.')[1]);
int unixTimeSeconds = JsonDocument.Parse(decodedToken)
.RootElement
.EnumerateObject()
.Where(p => p.Name == "exp")
.Select(p => p.Value.GetInt32())
.First();
_exp = DateTimeOffset.FromUnixTimeSeconds(unixTimeSeconds).UtcDateTime;
}
/// <summary>
/// Initializes a new <see cref="RemoteIdentityOptions"/>.
/// </summary>
/// <param name="remoteDomainNameOverride">See <see cref="RemoteDomainNameOverride"/>.</param>
/// <param name="remoteEnvironmentNameOverride">See <see cref="RemoteEnvironmentNameOverride"/>.</param>
/// <param name="remotePartyNameOverride">See <see cref="RemotePartyNameOverride"/>.</param>
public RemoteIdentityOptions(string?remoteDomainNameOverride = null,
string?remoteEnvironmentNameOverride = null,
string?remotePartyNameOverride = null)
{
Throw.CheckArgument(remoteDomainNameOverride == null || CoreApplicationIdentity.Builder.IsValidIdentifier(remoteDomainNameOverride));
Throw.CheckArgument(string.IsNullOrEmpty(remoteEnvironmentNameOverride) || CoreApplicationIdentity.Builder.IsValidIdentifier(remoteEnvironmentNameOverride));
Throw.CheckArgument(remotePartyNameOverride == null || Base64UrlHelper.IsBase64Url(remotePartyNameOverride));
RemoteDomainNameOverride = remoteDomainNameOverride;
RemoteEnvironmentNameOverride = remoteEnvironmentNameOverride;
RemotePartyNameOverride = remotePartyNameOverride;
}
public JweDecode(string compact_jwe)
{
string[] parts = compact_jwe.Split('.');
if (parts.Length != 5)
{
throw new Exception("Malformed input");
}
encoded_header = parts[0];
string header = Base64UrlHelper.DecodeToString(encoded_header);
encrypted_key = Base64UrlHelper.DecodeToBytes(parts[1]);
init_vector = Base64UrlHelper.DecodeToBytes(parts[2]);
ciphertext = Base64UrlHelper.DecodeToBytes(parts[3]);
auth_tag = Base64UrlHelper.DecodeToBytes(parts[4]);
protected_header = JsonConvert.DeserializeObject <JWE_header>(header);
}
public LocalParty(string domainName,
string environmentName,
string partyName,
StandardKeysConfiguration keysConfiguration,
IApplicationIdentityClock clock,
IKeyStore?keyStore,
TrustedPartyConfiguration?localConfiguration = null)
: base(domainName, environmentName, partyName, localConfiguration)
{
Throw.CheckArgument(domainName != null && CoreApplicationIdentity.Builder.IsValidIdentifier(domainName));
Throw.CheckArgument(environmentName != null && (environmentName == "" || CoreApplicationIdentity.Builder.IsValidIdentifier(environmentName)));
Throw.CheckArgument(partyName != null && Base64UrlHelper.IsBase64Url(partyName));
_keyExchangeRequired = new PerfectEventSender <KeyExchangeRequiredEventArgs>();
_remotes = new ConcurrentDictionary <string, RemoteParty>();
_exposed = _remotes.AsIReadOnlyDictionary <string, RemoteParty, IRemoteParty>();
KeyFactory = new KeyFactory(keysConfiguration, clock.Clock);
KeyStore = keyStore;
DomainName = domainName;
EnvironmentName = environmentName;
_appClock = clock;
}
void SetX5t256(X509Certificate2 cert)
{
x5t_S256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
}
void SetX5t(X509Certificate2 cert)
{
x5t = Base64UrlHelper.Encode(ToByteArray(cert.Thumbprint));
}
void SetModulus(byte[] modulus)
{
n = Base64UrlHelper.Encode(modulus);
}
void SetExponent(byte[] exp)
{
e = Base64UrlHelper.Encode(exp);
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
string resourceUrlOrId;
if (ParameterSetName == KnownResourceNameParameterSet)
{
if (ResourceTypeName == null)
{
ResourceTypeName = SupportedResourceNames.Arm;
}
if (!SupportedResourceNames.ResourceNameMap.ContainsKey(ResourceTypeName))
{
throw new ArgumentException(Properties.Resources.InvalidResourceTypeName.FormatInvariant(ResourceTypeName), nameof(ResourceTypeName));
}
resourceUrlOrId = SupportedResourceNames.ResourceNameMap[ResourceTypeName];
}
else
{
resourceUrlOrId = ResourceUrl;
}
IAzureContext context = DefaultContext;
if (TenantId == null)
{
TenantId = context.Tenant?.Id;
}
IAccessToken accessToken = AzureSession.Instance.AuthenticationFactory.Authenticate(
context.Account,
context.Environment,
TenantId,
null,
ShowDialog.Never,
null,
null,
resourceUrlOrId);
var result = new PSAccessToken()
{
Token = accessToken.AccessToken,
TenantId = TenantId,
UserId = accessToken.UserId,
};
result.ExpiresOn = (accessToken as MsalAccessToken)?.ExpiresOn ?? result.ExpiresOn;
if (result.ExpiresOn == default(DateTimeOffset))
{
try
{
var tokenParts = accessToken.AccessToken.Split('.');
var decodedToken = Base64UrlHelper.DecodeToString(tokenParts[1]);
var tokenDocument = JsonDocument.Parse(decodedToken);
int expSeconds = tokenDocument.RootElement.EnumerateObject()
.Where(p => p.Name == "exp")
.Select(p => p.Value.GetInt32())
.First();
result.ExpiresOn = UnixEpoch.AddSeconds(expSeconds);
}
catch (Exception e)//Ignore exception if fails to parse exp from token
{
WriteDebug("Unable to parse exp in token: " + e.ToString());
}
}
WriteObject(result);
}
