public ITimeLimitedDataProtector CreateProtector(string purpose) { if (purpose == null) { throw new ArgumentNullException(nameof(purpose)); } return(new TimeLimitedDataProtector(_innerProtector.CreateProtector(purpose))); }
/// <summary> /// Creates an <see cref="IDataProtector"/> given a list of purposes. /// </summary> /// <param name="provider">The <see cref="IDataProtectionProvider"/> from which to generate the purpose chain.</param> /// <param name="purpose">The primary purpose used to create the <see cref="IDataProtector"/>.</param> /// <param name="subPurposes">An optional list of secondary purposes which contribute to the purpose chain. /// If this list is provided it cannot contain null elements.</param> /// <returns>An <see cref="IDataProtector"/> tied to the provided purpose chain.</returns> /// <remarks> /// This is a convenience method which chains together several calls to /// <see cref="IDataProtectionProvider.CreateProtector(string)"/>. See that method's /// documentation for more information. /// </remarks> public static IDataProtector CreateProtector( this IDataProtectionProvider provider, string purpose, params string[] subPurposes ) { if (provider == null) { throw new ArgumentNullException(nameof(provider)); } if (purpose == null) { throw new ArgumentNullException(nameof(purpose)); } // The method signature isn't simply CreateProtector(this IDataProtectionProvider, params string[] purposes) // because we don't want the code provider.CreateProtector() [parameterless] to inadvertently compile. // The actual signature for this method forces at least one purpose to be provided at the call site. IDataProtector protector = provider.CreateProtector(purpose); if (subPurposes != null && subPurposes.Length > 0) { protector = protector?.CreateProtector((IEnumerable <string>)subPurposes); } return(protector ?? CryptoUtil.Fail <IDataProtector>("CreateProtector returned null.")); }
private IDataProtector Protector(string purpose) { var protector = _protector; if (!string.IsNullOrEmpty(purpose)) { protector = _protector.CreateProtector(purpose); } return(protector); }
public string Protect(AuthenticationTicket data, string purpose) { byte[] plaintext = _serializer.Serialize(data); IDataProtector dataProtector = _protector; if (!string.IsNullOrEmpty(purpose)) { dataProtector = dataProtector.CreateProtector(purpose); } return(Base64UrlTextEncoder.Encode(dataProtector.Protect(plaintext))); }
public string Protect(AuthenticationTicket data, string purpose) { byte[] array = this.ticketSerializer.Serialize(data); IDataProtector dataProtector = this.dataProtector; if (!string.IsNullOrEmpty(purpose)) { dataProtector = dataProtector.CreateProtector(purpose); } return(Base64UrlTextEncoder.Encode(dataProtector.Protect(array))); }
private JwtTokens UnprotectTokens(JwtTokens protectedTokens) { // Create a Protector and start unprotecting the tokens IDataProtector authProtector = this.protectionProvider.CreateProtector(TokenProtector); IDataProtector accessTokenProtector = authProtector.CreateProtector(AccessTokenProtector); string accessToken = accessTokenProtector.Unprotect(protectedTokens.AccessToken); IDataProtector idTokenProtector = authProtector.CreateProtector(IdTokenProtector); string idToken = idTokenProtector.Unprotect(protectedTokens.IdToken); IDataProtector refreshTokenProtector = authProtector.CreateProtector(RefreshTokenProtector); string refreshToken = refreshTokenProtector.Unprotect(protectedTokens.RefreshToken); // Return the unprotected tokens for use. return(new JwtTokens { AccessToken = accessToken, IdToken = idToken, RefreshToken = refreshToken, }); }
IDataProtector IFactorySupportFunctions.CreateDataProtector(IDataProtectionProvider dataProtectionProvider) { Debug.Assert(dataProtectionProvider != null); IDataProtector dataProtector = dataProtectionProvider.CreateProtector(ApplicationName).CreateProtector(PrimaryPurpose); foreach (string specificPurpose in SpecificPurposes) { dataProtector = dataProtector.CreateProtector(specificPurpose); } Debug.Assert(dataProtector != null); return(dataProtector); }
private JwtTokens ProtectTokens(JwtTokens jwtTokens) { IDataProtector authProtector = this.protectionProvider.CreateProtector(TokenProtector); // Protect Access Token with a unique protector IDataProtector accessTokenProtector = authProtector.CreateProtector(AccessTokenProtector); string encryptedAccessToken = accessTokenProtector.Protect(jwtTokens.AccessToken); // Protect Id Token with a unique protector IDataProtector idTokenProtector = authProtector.CreateProtector(IdTokenProtector); string encryptedIdToken = idTokenProtector.Protect(jwtTokens.IdToken); // Protect Refresh Token with a unique protector IDataProtector refreshTokenProtector = authProtector.CreateProtector(RefreshTokenProtector); string encryptedRefreshToken = refreshTokenProtector.Protect(jwtTokens.RefreshToken); return(new JwtTokens { AccessToken = encryptedAccessToken, IdToken = encryptedIdToken, RefreshToken = encryptedRefreshToken, }); }
public DistributedCacheDecorator( string name, IDistributedCache distributedCache, IDataProtector dataProtector, CacheConfigurations cacheConfigurations) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("'name' cannot be null or empty", nameof(name)); } _name = name; _distributedCache = distributedCache; _dataProtector = dataProtector.CreateProtector(_name); _cacheConfiguration = cacheConfigurations.GetConfiguration(name); }
public string Decrypt(HttpContext context, string cookie) { IDataProtectionProvider dataProtectionProvider = _storedOption.DataProtectionProvider; IDataProtector protector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Identity.Application", "v2"); string purpose = GetTlsTokenBinding(context); if (!string.IsNullOrEmpty(purpose)) { protector = protector.CreateProtector(purpose); } var protectedData = Base64UrlTextEncoder.Decode(cookie); byte[] userData = protector.Unprotect(protectedData); var rawText = Encoding.UTF8.GetString(userData); return(rawText); }
public AuthenticationTicket Unprotect(string protectedText, string purpose) { AuthenticationTicket tdata; try { if (protectedText == null) { tdata = default(AuthenticationTicket); } else { byte[] array = Base64UrlTextEncoder.Decode(protectedText); if (array == null) { tdata = default(AuthenticationTicket); } else { IDataProtector dataProtector = _protector; if (!string.IsNullOrEmpty(purpose)) { dataProtector = dataProtector.CreateProtector(purpose); } byte[] array2 = dataProtector.Unprotect(array); if (array2 == null) { tdata = default(AuthenticationTicket); } else { tdata = _serializer.Deserialize(array2); } } } } catch { tdata = default(AuthenticationTicket); } return(tdata); }
/// <summary> /// Creates an <see cref="IDataProtector"/> to encrypt files with the specified key. /// </summary> /// <param name="encryptionKey">Key to use</param> /// <returns>The data protector</returns> private IDataProtector CreateProtector(string encryptionKey) { return(_protector.CreateProtector($"Key: {encryptionKey}")); }
/// <summary> /// Creates a time-limited data protector based on an existing protector. /// </summary> /// <param name="protector">The existing protector from which to derive a time-limited protector.</param> /// <returns>A time-limited data protector.</returns> public static ITimeLimitedDataProtector AsTimeLimitedDataProtector([NotNull] this IDataProtector protector) { return((protector as ITimeLimitedDataProtector) ?? new TimeLimitedDataProtector(protector.CreateProtector(TimeLimitedDataProtector.PurposeString))); }