public void Load(TokenCacheNotificationArgs args)
{
var binaryData = _distributedCache.Get(_cacheKey);
try
{
args.TokenCache.DeserializeMsalV3(_protector?.Unprotect(binaryData) ?? binaryData);
}
catch (Exception ex)
{
args.TokenCache.DeserializeMsalV2(_protector?.Unprotect(binaryData) ?? binaryData);
_logger?.Error(ex);
}
}
public static SignInMessage Unprotect(string data, IDataProtector protector)
{
var json = protector.Unprotect(data, "signinmessage");
var message = JsonConvert.DeserializeObject<SignInMessage>(json);
if (DateTime.UtcNow > message.ValidTo)
{
throw new Exception("SignInMessage expired.");
}
return message;
}
public static SignInMessage Unprotect(string data, IDataProtector protector)
{
var settings = new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
DefaultValueHandling = DefaultValueHandling.Ignore
};
var json = protector.Unprotect(data, "signinmessage");
var message = JsonConvert.DeserializeObject<SignInMessage>(json);
if (DateTime.UtcNow > message.ValidTo)
{
throw new Exception("SignInMessage expired.");
}
return message;
}
public DashboardViewModel ToDashboardViewModel(byte[] byteArray)
{
if (byteArray == null)
{
throw new ArgumentNullException(nameof(byteArray));
}
IDataProtector dataProtector = _dataProtectionProvider.CreateProtector("DashboardProtection");
try
{
using (MemoryStream memoryStream = new MemoryStream(dataProtector.Unprotect(byteArray)))
{
using (MemoryStream targetStream = new MemoryStream())
{
using (GZipStream gZipStream = new GZipStream(memoryStream, CompressionMode.Decompress))
{
gZipStream.CopyTo(targetStream);
gZipStream.Flush();
targetStream.Seek(0, SeekOrigin.Begin);
BinaryFormatter binaryFormatter = new BinaryFormatter();
return((DashboardViewModel)binaryFormatter.Deserialize(targetStream));
}
}
}
}
catch (CryptographicException)
{
return(null);
}
catch (InvalidDataException)
{
return(null);
}
catch (SerializationException)
{
return(null);
}
}
public async Task <IActionResult> Index([FromQuery] string removed)
{
var cookie = _shortlistCookieService.Get(Constants.ShortlistCookieName);
if (cookie == default)
{
return(View(new ShortlistViewModel()));
}
var result =
await _mediator.Send(
new GetShortlistForUserQuery { ShortlistUserId = cookie.ShortlistUserId });
var removedProviderName = string.Empty;
if (!string.IsNullOrEmpty(removed))
{
try
{
var base64EncodedBytes = WebEncoders.Base64UrlDecode(removed);
removedProviderName = System.Text.Encoding.UTF8.GetString(_protector.Unprotect(base64EncodedBytes));
}
catch (FormatException e)
{
_logger.LogInformation(e, "Unable to decode provider name from request");
}
catch (CryptographicException e)
{
_logger.LogInformation(e, "Unable to decode provider name from request");
}
}
var viewModel = new ShortlistViewModel
{
Shortlist = result.Shortlist.Select(item => (ShortlistItemViewModel)item).ToList(),
Removed = removedProviderName,
HelpBaseUrl = _config.EmployerDemandFeatureToggle ? _config.EmployerDemandUrl : ""
};
return(View(viewModel));
}
public ViewResult Ogrenciler(string id)
{
//throw new Exception("Hata: Öğrenci gösteriminde hata oluştu.");
int ogrenciId = Convert.ToInt32(protector.Unprotect(id));
Ogrenci ogrenci = _ogrenciRepository.GetOgrenci(ogrenciId);
if (ogrenci == null)
{
Response.StatusCode = 404;
return(View("OgrenciBulunamadi", ogrenciId));
}
HomeOgrencilerViewModel homeOgrencilerViewModel = new HomeOgrencilerViewModel()
{
Ogrenci = ogrenci,
PageTitle = "Ogrenciler"
};
return(View(homeOgrencilerViewModel));
}
// Convert Protected Data into WebHook while getting from Database
protected virtual WebHook ConvertToWebHook(Registration registration)
{
if (registration == null)
{
return(null);
}
try
{
var content = _protector != null?_protector.Unprotect(registration.ProtectedData) : registration.ProtectedData;
var webHook = JsonConvert.DeserializeObject <WebHook>(content, _serializerSettings);
return(webHook);
}
catch (Exception ex)
{
var message = string.Format(CultureInfo.CurrentCulture, Constants.Constants.BadWebHook, typeof(WebHook).Name, ex.Message);
_logger.Error(message, ex);
}
return(null);
}
/// <summary>
/// Decrypts the message
/// </summary>
public string Decrypt(string inputText)
{
inputText.CheckArgumentNull(nameof(inputText));
try
{
var inputBytes = Convert.FromBase64String(inputText);
var bytes = _dataProtector.Unprotect(inputBytes);
return(Encoding.UTF8.GetString(bytes));
}
catch (FormatException ex)
{
_logger.LogError(ex.Message, "Invalid base 64 string. Fall through.");
}
catch (CryptographicException ex)
{
_logger.LogError(ex.Message, "Invalid protected payload. Fall through.");
}
return(null);
}
/// <summary>
/// Converts the provided <paramref name="registration"/> to a <see cref="WebHook"/> instance
/// which is returned from this <see cref="IWebHookStore"/> implementation.
/// </summary>
/// <param name="registration">The instance to convert.</param>
/// <returns>An initialized <see cref="WebHook"/> instance.</returns>
protected virtual WebHook ConvertToWebHook(TRegistration registration)
{
if (registration == null)
{
return(null);
}
try
{
string content = _protector != null?_protector.Unprotect(registration.ProtectedData) : registration.ProtectedData;
WebHook webHook = JsonConvert.DeserializeObject <WebHook>(content, _serializerSettings);
return(webHook);
}
catch (Exception ex)
{
string msg = string.Format(CultureInfo.CurrentCulture, StorageResources.SqlStore_BadWebHook, typeof(WebHook).Name, ex.Message);
_logger.Error(msg, ex);
}
return(null);
}
public ViewResult Details(string id)
{
string decryptedId = dataProtector.Unprotect(id);
Employee employee = _employeeRepository.GetEmployee(Convert.ToInt32(decryptedId));
if (employee == null)
{
//Error view is used to display an error here
ViewBag.Title = "Error";
ViewBag.Message = "Emplyee Not found";
return(View("Error"));
}
var vm = new HomeDetailsViewModel()
{
Employee = employee,
PageTitle = "Employee Details"
};
ViewBag.Title = $"Employee {decryptedId}";
return(View(vm));
}
public ViewResult Details(string id)
{
int employeeId = Convert.ToInt32(protector.Unprotect(id));
Employee employee = _employeeRepository.GetEmployee(employeeId);
if (employee == null)
{
Response.StatusCode = 404;
return(View("EmployeeNotFound", employeeId));
}
HomeDetailsViewModel homeDetailsViewModel = new HomeDetailsViewModel
{
PageTitle = "Employee-Details",
Employee = employee
};
return(View(homeDetailsViewModel));
}
/// <summary>
/// 使用X509Certificate2证书解密字符串
/// </summary>
/// <param name="decryptStr">待解密字符串</param>
/// <param name="services"></param>
/// <returns></returns>
public static string X509Certificate2Decrypt(
string decryptStr,
InputParameter options)
{
ServiceCollection service = new ServiceCollection();
service.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(
options.SecretKeyPath))
.SetApplicationName(
options.ApplicationName)
.ProtectKeysWithCertificate(
new X509Certificate2(options.CertFilePath, options.CertPassWord));
IDataProtectionProvider protector = service
.BuildServiceProvider().GetService <IDataProtectionProvider>();
IDataProtector dataProtector = protector.CreateProtector(options.Purpose);
return(dataProtector.Unprotect(decryptStr));
}
public void ConfigureServices(IServiceCollection services)
{
if (Environment.IsDevelopment())
{
services.Configure <TestOption>(Configuration.GetSection("TestOption"));
}
else
{
// 注入数据保护需要的Option
services.Configure <ProtectionOption>(Configuration.GetSection("ProtectionOption"));
// 注入数据保护服务(依赖指定证书)
IDataProtector dataProtector = services.AddDataProtectionWithX509();
// 解密字符串
string connStr = dataProtector.Unprotect(Configuration.GetSection("Database:DbConnection").Value);
Console.WriteLine($"Sit:ConnStr:{connStr}");
// 解密Option;Option上带有EncryptedAttribute标记的属性将会被解密
services.ProtectedConfigure <TestOption>(Configuration.GetSection("TestOption"));
}
services.AddControllers();
}
public Task <Message <TModel> > ReadAsync(string value)
{
Message <TModel> result = null;
if (!String.IsNullOrWhiteSpace(value))
{
try
{
var bytes = Base64Url.Decode(value);
bytes = _protector.Unprotect(bytes);
var json = Encoding.UTF8.GetString(bytes);
result = ObjectSerializer.FromString <Message <TModel> >(json);
}
catch (Exception ex)
{
_logger.LogError(ex, "Exception reading protected message");
}
}
return(Task.FromResult(result));
}
public ViewResult Details(string Id)
{
//throw new Exception("Error in details view ");
logger.LogTrace("trace");
logger.LogDebug("debugg");
logger.LogInformation("information");
logger.LogWarning("warning");
logger.LogError("Error");
logger.LogCritical("critical");
int employeeId = Convert.ToInt32(protector.Unprotect(Id));
Employee employee = _employeeRepository.GetEmployee(employeeId);
if (employee == null)
{
Response.StatusCode = 404;
return(View("EmployeeNotFound", employeeId));
}
HomeDetailsViewModel homeDetailsViewModel = new HomeDetailsViewModel()
{
Employee = employee,
PageTitle = "Employee Details page "
};
// return Json(new { id = 1 ,name="balqees" });
// Employee model = _employeeRepository.GetEmployee(3);
//// ViewBag.Employee = model;
// ViewBag.EmployeeTitle = "Employee Details ";
//ViewData["Employee"] = model;
//ViewData["EmployeeTitle"] = "Employee Details ";
return(View(homeDetailsViewModel));
}
public IActionResult Index(LoginViewModel viewModel)
{
if (!ModelState.IsValid)//O Model é LoginViewModel. Por causa dos atributos o Java replicou lá.
{
return(View(viewModel));
}
var contato = _db.Contatos.Where(c => c.Email == viewModel.Email &&
_protectorProvider.Unprotect(c.Senha) == viewModel.Senha).SingleOrDefault();
if (contato == null)
{
//validação do modelo
ModelState.AddModelError("", "Usuário ou Senha incorreto");
return(View(viewModel));//Para o campo e-mail aparecer digitado
}
//Claims é um objeto. Tudo isso para cookie
var claims = new List <Claim> //uma lista
{ //ctrl c v
new Claim(ClaimTypes.Name, contato.Nome),
new Claim(ClaimTypes.Email, contato.Email),
//new Claim(ClaimTypes.Role, "Admin"),//Perfil apenas para teste depoiis volart
new Claim(ClaimTypes.Role, "Vendedor"), //Role - Perfil
new Claim("Contato", "Criar")
}; //Depois que está logado essas informações aparecem
var identidade = new ClaimsIdentity(claims, _tipoAutenticacao); //As permissões são as claims
var principal = new ClaimsPrincipal(identidade); //qUAL DEles é o principal. Tudo o que fizemos é para chegar na 3ª linha
//Http context o que necessário estar disponível para eu fazer a autenticação
HttpContext.Authentication.SignInAsync(_tipoAutenticacao, principal);
return(RedirectToAction("Index", "Home"));
//Action e o Controller
}
private Key Unprotect(Key key)
{
var resultKey = new Key(key.Name, null);
var protector = _dataProtector as IPersistedDataProtector;
if (protector != null)
{
bool wasRevoked, requiresMigration;
byte[] data = WebEncoders.Base64UrlDecode(key.Value);
byte[] result = protector.DangerousUnprotect(data, false, out requiresMigration, out wasRevoked);
resultKey.Value = Encoding.UTF8.GetString(result);
resultKey.IsStale = requiresMigration;
}
else
{
resultKey.Value = _dataProtector.Unprotect(key.Value);
}
return(resultKey);
}
public IActionResult AES(AESInfo aes)
{
string message = string.Empty;
if (ModelState.IsValid)
{
string userInfo = aes.UserId + aes.Password;
aes.EncUserInfo = _protector.Protect(userInfo); //암호화 정보
aes.DecUserInfo = _protector.Unprotect(aes.EncUserInfo); //복호화 정보
ViewData["Message"] = "암복호화가 성공적으로 이루어졌습니다.";
return(View(aes));
}
else
{
message = "암복호화를 위한 정보를 올바르게 입력하세요.";
}
ModelState.AddModelError(string.Empty, message);
return(View(aes));
}
public T Unprotect <T>(string input, bool sessionBase = true)
{
try
{
string _jsonData = null;
if (sessionBase)
{
_jsonData = protectorSessionBase.Unprotect(input);
}
else
{
_jsonData = protector.Unprotect(input);
}
return(JsonConvert.DeserializeObject <T>(_jsonData));
}
catch (Exception)
{
return(default(T));
}
}
/// <summary>
/// Reads the pass phrase hash.
/// </summary>
/// <returns>The pass phrase hash.</returns>
internal byte[] ReadPassPhraseHash()
{
var registryValue = _registryStore.Read(KeyName);
if (registryValue == null)
{
return(new byte[] { });
}
var registryValueBytes = Convert.FromBase64String(registryValue);
var entropy = new byte[16];
var cipherValue = new byte[registryValueBytes.Length - 16];
Array.Copy(registryValueBytes, 0, entropy, 0, 16);
Array.Copy(registryValueBytes, 16, cipherValue, 0, cipherValue.Length);
var passPhraseHash = _dataProtector.Unprotect(cipherValue, entropy);
return(passPhraseHash);
}
/// <summary>
/// Reads the cache data from the backend database.
/// </summary>
private void ReadCacheForSignedInUser()
{
if (_inMemoryCache == null) // first time access
{
_inMemoryCache = GetLatestUserRecordQuery().FirstOrDefault();
}
else
{
// retrieve last written record from the DB
var lastwriteInDb = GetLatestUserRecordQuery().Select(n => n.LastWrite).FirstOrDefault();
// if the persisted copy is newer than the in-memory copy
if (lastwriteInDb > _inMemoryCache.LastWrite)
{
// read from from storage, update in-memory copy
_inMemoryCache = GetLatestUserRecordQuery().FirstOrDefault();
}
}
// Send data to the TokenCache instance
_userTokenCache.DeserializeMsalV3((_inMemoryCache == null) ? null : _dataProtector.Unprotect(_inMemoryCache.CacheBits));
}
public async Task <FundsTransferResponse> ValidateTransactionByRef(string transactionRef)
{
FundsTransferResponse response = new FundsTransferResponse();
var oralConnect = new OracleConnection(_protector.Unprotect(_appSettings.FlexConnection));
using (oralConnect)
{
string query = $@"SELECT * FROM {_appSettings.FlexSchema}.ACTB_DAILY_LOG WHERE AUTH_STAT = ‘A’ AND TRN_REF_NO = :transactionRef";
var r = await oralConnect.QueryAsync <string>(query, new { transactionRef });
response.message = r.FirstOrDefault();
if (!string.IsNullOrWhiteSpace(response.message))
{
response.status = "true";
}
}
return(response);
}
public string Protect(string input)
{
// get the path to %LOCALAPPDATA%\myapp-keys
string destFolder = Path.Combine(Environment.GetEnvironmentVariable("LOCALAPPDATA"), "blockcore-keys");
// instantiate the data protection system at this folder
IDataProtectionProvider dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(destFolder));
IDataProtector protector = dataProtectionProvider.CreateProtector("Blockcore");
// protect the payload
string protectedPayload = protector.Protect(input);
Console.WriteLine($"Protect returned: {protectedPayload}");
// unprotect the payload
string unprotectedPayload = protector.Unprotect(protectedPayload);
Console.WriteLine($"Unprotect returned: {unprotectedPayload}");
return(protectedPayload);
}
public DashboardSettingsViewModel ToDashboardSettingsViewModel(byte[] byteArray)
{
if (byteArray == null)
{
throw new ArgumentNullException(nameof(byteArray));
}
IDataProtector dataProtector = _dataProtectionProvider.CreateProtector("SettingsProtection");
try
{
return(JsonSerialization.FromByteArray <DashboardSettingsViewModel>(dataProtector.Unprotect(byteArray)));
}
catch (CryptographicException)
{
return(null);
}
catch (SerializationException)
{
return(null);
}
}
public string Decrypt(string payload)
{
try
{
return(_protector.Unprotect(payload));
}
catch (CryptographicException e)
{
var persistedProtector = _protector as IPersistedDataProtector;
if (persistedProtector == null)
{
throw new Exception("Can't call DangerousUnprotect.");
}
var plain = persistedProtector.DangerousUnprotect(
WebEncoders.Base64UrlDecode(payload),
true,
out var migrate,
out var revoked);
return(Encoding.UTF8.GetString(plain));
}
}
private JwtTokens UnprotectTokens(JwtTokens protectedTokens)
{
// Create a Protector and start unprotecting the tokens
IDataProtector authProtector = this.protectionProvider.CreateProtector(TokenProtector);
IDataProtector accessTokenProtector = authProtector.CreateProtector(AccessTokenProtector);
string accessToken = accessTokenProtector.Unprotect(protectedTokens.AccessToken);
IDataProtector idTokenProtector = authProtector.CreateProtector(IdTokenProtector);
string idToken = idTokenProtector.Unprotect(protectedTokens.IdToken);
IDataProtector refreshTokenProtector = authProtector.CreateProtector(RefreshTokenProtector);
string refreshToken = refreshTokenProtector.Unprotect(protectedTokens.RefreshToken);
// Return the unprotected tokens for use.
return(new JwtTokens
{
AccessToken = accessToken,
IdToken = idToken,
RefreshToken = refreshToken,
});
}
public ViewResult Details(string id)
{
// Decrypt the employee id using Unprotect method
string decryptedId = protector.Unprotect(id);
int decryptedIntId = Convert.ToInt32(decryptedId);
// throw new Exception("Error in details view");
Employee employee = _employeeRepository.GetEmployee(decryptedIntId);
if (employee == null)
{
Response.StatusCode = 404;
return(View("EmployeeNotFound", decryptedIntId));
}
HomeDetailsViewModel homeDetailsViewModel = new HomeDetailsViewModel
{
Employee = employee,
PageTitle = "Employee Details"
};
return(View(homeDetailsViewModel));
}
public string GetCookieFromRequest(HttpContext context)
{
string content = null;
var encrtyptedContent = context.Request.Cookies[CookieNames.LevyEmployerIndicator];
if (string.IsNullOrWhiteSpace(encrtyptedContent))
{
return(null);
}
try
{
content = _dataProtector.Unprotect(encrtyptedContent);
}
catch (CryptographicException ex)
{
_logger.LogWarning(ex, "Couldn't decrypt levy cookie. Probably due to recent release changing DataProtection keys");
DeleteCookie(context.Response);
}
return(content);
}
public bool Unprotect(string encryptedText, out string?decrypted)
{
decrypted = null;
byte[] decryptedBytes;
try
{
var encryptedBytes = Convert.FromBase64String(encryptedText);
decryptedBytes = _protector.Unprotect(encryptedBytes);
}
catch
{
return(false);
}
var utf8 = new UTF8Encoding();
decrypted = utf8.GetString(decryptedBytes);
return(true);
}
public ActionResult <string> GetEncryption()
{
string plainText = "Lorem Ipsum Dolor Sit Amet";
string encryptedText = protector.Protect(plainText);
string decryptedText = protector.Unprotect(encryptedText);
//var protectorTimeLimit = protector.ToTimeLimitedDataProtector();
//string encryptedTextLimitedByTime = protectorTimeLimit.Protect(plainText, TimeSpan.FromSeconds(5));
//Thread.Sleep(6000);
//string decryptedTextLimitedByTime = protectorTimeLimit.Unprotect(encryptedTextLimitedByTime);
var result = new
{
plainText,
encryptedText,
decryptedText,
//encryptedTextLimitedByTime,
//decryptedTextLimitedByTime
};
return(Ok(result));
}
public static ICollection <string> GetAccessibleResources(this Controller controller, IDataProtector dataProtector)
{
if (controller == null)
{
throw new ArgumentNullException(nameof(controller));
}
if (dataProtector == null)
{
throw new ArgumentNullException(nameof(dataProtector));
}
if (!controller.Request.Cookies.ContainsKey(Constants.DefaultCookieName))
{
return(new string[0]);
}
var cookieValue = controller.Request.Cookies[Constants.DefaultCookieName];
var unprotected = dataProtector.Unprotect(cookieValue);
return(JsonConvert.DeserializeObject <ICollection <string> >(unprotected));
}
public bool TryParseCircuitId(string?text, out CircuitId circuitId)
{
if (text is null)
{
circuitId = default;
return(false);
}
try
{
var protectedBytes = Base64UrlTextEncoder.Decode(text);
var unprotectedBytes = _protector.Unprotect(protectedBytes);
if (unprotectedBytes.Length != SecretLength)
{
// Wrong length
circuitId = default;
return(false);
}
var id = new byte[IdLength];
Array.Copy(
sourceArray: unprotectedBytes,
sourceIndex: SecretLength - IdLength,
destinationArray: id,
destinationIndex: 0,
length: IdLength);
circuitId = new CircuitId(text, Base64UrlTextEncoder.Encode(id));
return(true);
}
catch (Exception)
{
// The payload format is not correct (either not base64urlencoded or not data protected)
circuitId = default;
return(false);
}
}
private static StoredRequestState ExtractRequestState(IDataProtector dataProtector, OwinContext context)
{
var cookieData = context.Response.Headers["Set-Cookie"].Split(';', '=')[1];
return new StoredRequestState(
dataProtector.Unprotect(
HttpRequestData.GetBinaryData(cookieData)));
}
internal static RSAParameters? DecryptKey(IDataProtector protector, byte[] buffer, out string usage) {
if (protector == null) {
throw new ArgumentNullException(nameof(protector));
}
if (buffer == null) {
throw new ArgumentNullException(nameof(buffer));
}
usage = null;
// Note: an exception thrown in this block may be caused by a corrupted or inappropriate key
// (for instance, if the key was created for another application or another environment).
// Always catch the exception and return null in this case to avoid leaking sensitive data.
try {
var bytes = protector.Unprotect(buffer);
if (bytes == null) {
return null;
}
using (var stream = new MemoryStream(bytes))
using (var reader = new BinaryReader(stream)) {
if (/* version: */ reader.ReadInt32() != 2) {
return null;
}
// Note: only RSA keys are currently supported. Return null if another format has been used.
if (!string.Equals(/* algorithm: */ reader.ReadString(), "RSA", StringComparison.OrdinalIgnoreCase)) {
return null;
}
// Read the usage from the serialized key.
usage = reader.ReadString();
// Extract the RSA parameters from the serialized key.
return new RSAParameters {
D = reader.ReadBytes(reader.ReadInt32()),
DP = reader.ReadBytes(reader.ReadInt32()),
DQ = reader.ReadBytes(reader.ReadInt32()),
Exponent = reader.ReadBytes(reader.ReadInt32()),
InverseQ = reader.ReadBytes(reader.ReadInt32()),
Modulus = reader.ReadBytes(reader.ReadInt32()),
P = reader.ReadBytes(reader.ReadInt32()),
Q = reader.ReadBytes(reader.ReadInt32())
};
}
}
catch {
return null;
}
}
