public string Read(string token)
{
var data = LoadJsonFromFile();
if (data == null || data.Count == 0)
{
return(null);
}
var tokenStorageItem = data.FirstOrDefault(i => i.Token.Equals(token));
if (tokenStorageItem == null)
{
return(null);
}
if (string.IsNullOrWhiteSpace(tokenStorageItem.EcnryptedValue) ||
string.IsNullOrWhiteSpace(tokenStorageItem.SaltValue))
{
return(null);
}
var decrypted = EncryptionProvider.Decrypt(tokenStorageItem.EcnryptedValue,
KeyVaultUtil.GetSecureSecretFromVault(),
tokenStorageItem.SaltValue);
return(decrypted);
}
private static void ConfigureCosmosDB(IServiceCollection services, IConfiguration configuration)
{
services.AddTransient <Func <string, CosmosDbSetting> >(serviceProvider => name =>
{
var kvSetting = serviceProvider.GetRequiredService <KeyVaultSetting>();
var kvCert = CertUtil.FindCertificateByThumbprint(kvSetting.AuthCertThumbprint);
var kvClient = new KeyVaultUtil(kvSetting.VaultName, kvSetting.AuthClientId, kvCert);
switch (name)
{
case "graph":
var graphDbKey = kvClient.GetSecret(kvSetting.GraphDbAuthKeySecretName).Result;
var graphDbSetting = new CosmosDbSetting()
{
AccountName = configuration["graphDb:accountName"],
DbName = configuration["graphDb:dbName"],
CollectionName = configuration["graphDb:collectionName"],
AuthKey = graphDbKey
};
return(graphDbSetting);
default:
var docDbKey = kvClient.GetSecret(kvSetting.DocDbAuthKeySecretName).Result;
var docDbSetting = new CosmosDbSetting()
{
AccountName = configuration["docDb:accountName"],
DbName = configuration["docDb:dbName"],
CollectionName = configuration["docDb:collectionName"],
AuthKey = docDbKey
};
return(docDbSetting);
}
});
}
public string Create(string plainText)
{
if (string.IsNullOrEmpty(plainText))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(plainText));
}
var tokenStorageItem = new TokenStorageItem();
var salt = SaltUtil.GenerateSecureRandomSalt();
var encrypted = EncryptionProvider.Encrypt(plainText, KeyVaultUtil.GetSecureSecretFromVault(), salt);
if (encrypted != null)
{
tokenStorageItem = new TokenStorageItem
{
Token = CreateTokenGuid(),
SaltValue = salt,
EcnryptedValue = encrypted,
CreateDateTime = DateTime.UtcNow,
UpdatedDateTime = DateTime.UtcNow
};
}
//write or append to json file
WriteAppendDataItem(tokenStorageItem);
return(tokenStorageItem.Token);
}
public void EncryptDecrypt_WithSpecialChars_Test()
{
var passPhrase = KeyVaultUtil.GetSecureSecretFromVault();
var data = "Some secret user's data¡";
var salt = SaltUtil.GenerateSecureRandomSalt();
AesManagedProvider crypto = new AesManagedProvider();
string encrypted = crypto.Encrypt(data, passPhrase, salt);
string decrypted = crypto.Decrypt(encrypted, passPhrase, salt);
Assert.AreEqual(data, decrypted);
}
public void Decrypt_FailSalt_Test()
{
var passPhrase = KeyVaultUtil.GetSecureSecretFromVault();
var data = "4111111111111111";
var salt = SaltUtil.GenerateSecureRandomSalt();
AesManagedProvider crypto = new AesManagedProvider();
string encrypted = crypto.Encrypt(data, passPhrase, salt);
string decrypted = crypto.Decrypt(encrypted, passPhrase, "sldfjsdlksld");
Assert.IsNull(decrypted);
}
public void EncryptDecrypt_CC_Number_Test()
{
var passPhrase = KeyVaultUtil.GetSecureSecretFromVault();
var data = "4111111111111111";
var salt = SaltUtil.GenerateSecureRandomSalt();
AesManagedProvider crypto = new AesManagedProvider();
string encrypted = crypto.Encrypt(data, passPhrase, salt);
string decrypted = crypto.Decrypt(encrypted, passPhrase, salt);
Assert.AreEqual(data, decrypted);
}
public void EncryptDecrypt_LargeText__Test()
{
var passPhrase = KeyVaultUtil.GetSecureSecretFromVault();
var data = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. " +
"Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure " +
"dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. " +
"Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.";
var salt = SaltUtil.GenerateSecureRandomSalt();
AesManagedProvider crypto = new AesManagedProvider();
string encrypted = crypto.Encrypt(data, passPhrase, salt);
string decrypted = crypto.Decrypt(encrypted, passPhrase, salt);
Assert.AreEqual(data, decrypted);
}
public Jwks Get()
{
var jwkList = new List <Jwk>();
foreach (JsonWebKey k in KeyVaultUtil.GetJwks().Keys)
{
var jwk = new Jwk()
{
Kid = k.Kid,
Kty = k.Kty,
Alg = k.Alg,
E = k.E,
N = k.N
};
jwkList.Add(jwk);
}
return(new Jwks
{
Keys = jwkList
});
}
