private void HelperCryptCreate(IKeySetWriter writer, IKeySet keySet, string kspath,
IKeySet nonEncryptedKS = null, IKeySetWriter nonEncryptedWriter = null)
{
using (var ks = new MutableKeySet(nonEncryptedKS ?? keySet))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(nonEncryptedWriter ?? writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(nonEncryptedKS ?? keySet))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
using (var ks = new MutableKeySet(keySet))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(2));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(keySet))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "2.out"), ciphertext);
}
}
public void TestAddKeySizeFails()
{
using (var reader = new MutableKeySet(Util.TestDataPath(TEST_DATA, "aes-noprimary")))
{
Expect(() => reader.AddKey(KeyStatus.Primary, keySize: 16), Throws.TypeOf <InvalidKeyTypeException>());
}
}
public override int Run(string[] remainingArguments)
{
using (var keySet = new MutableKeySet(_location))
{
var status = keySet.Promote(_version);
if (status == null)
{
Console.WriteLine("{0} {1}.", Localized.MsgUnknownVersion, _version);
return(-1);
}
try
{
if (keySet.Save(new FileSystemKeySetWriter(_location, overwrite: true)))
{
Console.WriteLine(Localized.MsgPromotedVersion, _version, status);
return(0);
}
}
catch
{
//error handling unified with falling through - lgtm [cs/empty-catch-block]
}
Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location);
return(-1);
}
}
public void TestAddUnknownProperty()
{
using (var reader = new MutableKeySet(Util.TestDataPath(TEST_DATA, "aes-noprimary")))
{
Expect(() => reader.AddKey(KeyStatus.Primary, options: new{ FakeProp = "BlahBlah" }), Throws.Nothing);
}
}
public override int Run(string[] remainingArguments)
{
using (var keySet = new MutableKeySet(_location))
{
var status = keySet.Demote(_version);
if (status == null)
{
Console.WriteLine("{0} {1}", Localized.MsgUnknownVersion, _version);
return(-1);
}
try
{
if (keySet.Save(new KeySetWriter(_location, overwrite: true)))
{
Console.WriteLine(Localized.MsgDemotedVersion, _version, status);
return(0);
}
}
catch
{
}
}
Console.WriteLine("{0} {1}", Localized.MsgCouldNotWrite, _location);
return(-1);
}
public override int Run(string[] remainingArguments)
{
KeyPurpose purpose = _pupose == "sign" ? KeyPurpose.SignAndVerify : KeyPurpose.DecryptAndEncrypt;
KeyType type = PickKeyType(purpose);
var meta = new KeyMetadata()
{
Name = _name,
Purpose = purpose,
KeyType = type,
};
using (var keySet = new MutableKeySet(meta))
{
if (keySet.Save(new KeySetWriter(_location)))
{
Console.WriteLine(Localized.MsgCreatedKeySet);
return(0);
}
}
Console.WriteLine("{0} {1}.", Localized.MsgExistingKeySet, _location);
return(-1);
}
public override int Run(string[] remainingArguments)
{
using (var keySet = new MutableKeySet(_location))
{
var status = keySet.Revoke(_version);
if (!status)
{
Console.WriteLine("{0} {1}.", Localized.MsgCouldNotRevoke, _version);
return(-1);
}
try
{
if (keySet.Save(new FileSystemKeySetWriter(_location, overwrite: true)))
{
Console.WriteLine("{0} {1}.", Localized.MsgRevokedVersion, _version);
return(0);
}
}
catch
{
Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location);
}
return(-1);
}
}
public void CreateNoPrimary(string keyType, string topDir)
{
KeyType type = keyType;
var kspath = Util.TestDataPath(WRITE_DATA, topDir);
var writer = new KeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(kspath))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
using (var ks = new MutableKeySet(kspath))
{
var status = ks.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Active));
var success = ks.Save(writer);
Expect(success, Is.True);
}
}
public override int Run(string[] remainingArguments)
{
KeyPurpose purpose = _pupose == "sign" ? KeyPurpose.SignAndVerify : KeyPurpose.DecryptAndEncrypt;
KeyType officalKeyType = null;
if (!_unofficial)
{
officalKeyType = PickKeyTypeOfficialKeyczar(purpose);
}
var meta = new KeyMetadata(officialMetaDataKeyType: officalKeyType)
{
Name = _name,
Purpose = purpose,
Kind = _asymm ? KeyKind.Private : KeyKind.Symmetric,
};
using (var keySet = new MutableKeySet(meta))
{
if (keySet.Save(new FileSystemKeySetWriter(_location)))
{
Console.WriteLine(Localized.MsgCreatedKeySet);
return(0);
}
}
Console.WriteLine("{0} {1}.", Localized.MsgExistingKeySet, _location);
return(-1);
}
public void TestPromotePrimary()
{
using (var reader = new MutableKeySet(Util.TestDataPath(TEST_DATA, "aes-noprimary"))){
var status = reader.Promote(1);
Expect(status, Is.EqualTo(KeyStatus.Primary));
Expect(() => new GetPrimary(reader).GetPrimaryExposed(), Is.Not.Null);
}
}
public void TestRevoke()
{
using (var reader = new MutableKeySet(Util.TestDataPath(TEST_DATA, "aes-noprimary"))){
var status = reader.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Inactive));
var re = reader.Revoke(1);
Expect(re, Is.True);
Expect(reader.Metadata.Versions.Any(), Is.False);
}
}
public override int Run(string[] remainingArguments)
{
IKeySet ks = new FileSystemKeySet(_location);
bool add = !ks.Metadata.Encrypted;
Func <string> prompt = CachedPrompt.Password(Util.PromptForPassword).Prompt;
if (!add)
{
Console.WriteLine(Localized.PasswordPromptOldPassword);
ks = new PbeKeySet(ks, prompt);
}
using (ks as PbeKeySet)
using (var keySet = new MutableKeySet(ks))
{
keySet.ForceKeyDataChange();
IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true);
if (!_remove)
{
Console.WriteLine(Localized.PasswordPromptNewPassword);
Func <string> newPrompt = CachedPrompt.Password(Util.DoublePromptForPassword).Prompt;
writer = new PbeKeySetWriter(writer, newPrompt);
}
else
{
keySet.Metadata.Encrypted = false;
}
using (writer as PbeKeySetWriter)
{
if (keySet.Save(writer))
{
if (_remove)
{
Console.WriteLine(Localized.MsgRemovedPassword);
}
else if (add)
{
Console.WriteLine(Localized.MsgAddedPasssword);
}
else
{
Console.WriteLine(Localized.MsgChangedPassword);
}
return(0);
}
return(-1);
}
}
}
public void TestOverwriteFalse()
{
using (var ks = new MutableKeySet(new KeyMetadata {
Name = "Don't Write", Purpose = KeyPurpose.DecryptAndEncrypt, Kind = KeyKind.Symmetric
}))
{
ks.AddKey(KeyStatus.Primary);
var writer = new FileSystemKeySetWriter(Util.TestDataPath(TEST_DATA, "pbe_json"), overwrite: false);
Expect(() => ks.Save(writer), Is.False);
}
}
public void TestCreateBlob()
{
Directory.CreateDirectory(Util.TestDataPath(WRITE_DATA, ""));
var keyMetaData = new KeyMetadata
{
Name = "Blob",
Purpose = KeyPurpose.DecryptAndEncrypt,
Kind = KeyKind.Symmetric
};
using (var keySet = new MutableKeySet(keyMetaData))
{
keySet.AddKey(KeyStatus.Primary, 256);
using (var stream = File.OpenWrite(Util.TestDataPath(WRITE_DATA, "cryptkey.zip", "unofficial")))
using (var writer = new BlobKeySetWriter(stream))
{
keySet.Save(writer);
}
using (var crypt = new Crypter(keySet))
{
File.WriteAllText(Util.TestDataPath(WRITE_DATA, "crypt.out", "unofficial"), crypt.Encrypt(input));
var keyMetaData2 = new KeyMetadata
{
Name = "Blob",
Purpose = KeyPurpose.SignAndVerify,
Kind = KeyKind.Private
};
using (var keySet2 = new MutableKeySet(keyMetaData2))
{
keySet2.AddKey(KeyStatus.Primary);
using (var stream2 = File.OpenWrite(Util.TestDataPath(WRITE_DATA, "signkey.zip", "unofficial")))
using (var writer2 = new BlobKeySetWriter(stream2))
{
keySet2.Save(new EncryptedKeySetWriter(writer2, crypt));
}
using (var signer = new Signer(keySet2))
{
File.WriteAllText(Util.TestDataPath(WRITE_DATA, "sign.out", "unofficial"),
signer.Sign(input));
}
}
}
}
}
public void CreateEncryptAndPublic(string keyType, string topDir)
{
KeyType type = keyType;
var kspath = Util.TestDataPath(WRITE_DATA, topDir);
var writer = new KeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type, KeyPurpose.DecryptAndEncrypt))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(kspath))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
using (var ks = new MutableKeySet(kspath))
{
var ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(2));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Encrypter(kspath))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "2.out"), ciphertext);
}
if (type.Asymmetric)
{
var kspath2 = Util.TestDataPath(WRITE_DATA, topDir + ".public");
var writer2 = new KeySetWriter(kspath2, overwrite: true);
using (var ks = new MutableKeySet(kspath))
{
var pubKs = ks.PublicKey();
var success = pubKs.Save(writer2);
Expect(success, Is.True);
}
}
}
public void CreateSignAndPublicSized(string keyType, string topDir, string nestDir)
{
KeyType type = keyType;
topDir += "-sizes";
var kspath = Util.TestDataPath(WRITE_DATA, topDir, nestDir);
var writer = new KeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type, KeyPurpose.SignAndVerify))
{
var success = ks.Save(writer);
Expect(success, Is.True);
}
int i = 0;
foreach (int size in type.KeySizeOptions)
{
i++;
using (var ks = new MutableKeySet(kspath))
{
var ver = ks.AddKey(KeyStatus.Primary, size);
Expect(ver, Is.EqualTo(i));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var encrypter = new Signer(kspath))
{
var ciphertext = encrypter.Sign(input);
File.WriteAllText(Path.Combine(kspath, String.Format("{0}.out", size)), ciphertext);
}
}
if (type.Asymmetric)
{
var kspath2 = Util.TestDataPath(WRITE_DATA, topDir + ".public", nestDir);
var writer2 = new KeySetWriter(kspath2, overwrite: true);
using (var ks = new MutableKeySet(kspath))
{
var pubKs = ks.PublicKey();
var success = pubKs.Save(writer2);
Expect(success, Is.True);
}
}
}
public void CreateNoPrimary()
{
using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 cipherText = null;
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var encrypter = new Encrypter(origKs))
{
cipherText = encrypter.Encrypt(Input);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var ks = new MutableKeySet(origKs))
using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
{
var status = ks.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Active));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var crypter = new Crypter(origKs))
{
var output = crypter.Decrypt(cipherText);
Expect(output, Is.EqualTo(Input));
}
}
public override int Run(string[] remainingArguments)
{
var ret = 0;
Crypter crypter = null;
IKeySet ks = new FileSystemKeySet(_location);
Func <string> crypterPrompt = CachedPrompt.Password(Util.PromptForPassword).Prompt;
var prompt = ks.Metadata.Encrypted
? new Func <string>(CachedPrompt.Password(Util.PromptForPassword).Prompt)
: new Func <string>(CachedPrompt.Password(Util.DoublePromptForPassword).Prompt);
IDisposable dks = null;
if (!String.IsNullOrWhiteSpace(_crypterLocation))
{
if (_password)
{
var cks = KeySet.LayerSecurity(
FileSystemKeySet.Creator(_crypterLocation),
PbeKeySet.Creator(crypterPrompt)
);
crypter = new Crypter(cks);
dks = cks;
}
else
{
crypter = new Crypter(_crypterLocation);
}
ks = new EncryptedKeySet(ks, crypter);
}
else if (_password)
{
ks = new PbeKeySet(ks, prompt);
}
var d2ks = ks as IDisposable;
using (crypter)
using (dks)
using (d2ks)
using (var keySet = new MutableKeySet(ks))
{
if (_status != KeyStatus.Primary && _status != KeyStatus.Active)
{
Console.WriteLine("{0} {1}.", Localized.MsgInvalidStatus, _status.Identifier);
return(-1);
}
object options = null;
if (!String.IsNullOrWhiteSpace(_padding))
{
options = new { Padding = _padding };
}
int ver;
var type = KeyTypeForString(_type);
if (ks.Metadata.OriginallyOfficial && ks.Metadata.ValidOfficial())
{
var keytype = ks.Metadata.OfficialKeyType();
if (type == null)
{
type = keytype;
}
else if (type != keytype && !_force)
{
throw new ConsoleHelpAsException(String.Format(Localized.MsgMismatchedType, type, keytype));
}
}
try
{
ver = keySet.AddKey(_status, _size, type, options);
}
#pragma warning disable 168
catch (InvalidKeyTypeException ex)
#pragma warning restore 168
{
throw new ConsoleHelpAsException(String.Format(Localized.MsgMismatchedKind, type?.Kind, keySet.Metadata.Kind));
}
IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true);
if (crypter != null)
{
writer = new EncryptedKeySetWriter(writer, crypter);
}
else if (_password)
{
writer = new PbeKeySetWriter(writer, prompt);
}
using (writer as IDisposable)
{
try
{
if (keySet.Save(writer))
{
Console.WriteLine("{0} {1}.", Localized.MsgCreatedKey, ver);
ret = 0;
}
else
{
ret = -1;
}
}
catch
{
ret = -1;
}
}
}
if (ret != 0)
{
Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location);
}
return(ret);
}
public override int Run(string[] remainingArguments)
{
var ret = 0;
Crypter crypter = null;
IKeySet ks = new KeySet(_location);
Func <string> singlePrompt = CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForKeySet);
return(Util.PromptForPassword());
}).Prompt;
var prompt = ks.Metadata.Encrypted
? singlePrompt
: CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForKeySet);
return(Util.PromptForPassword());
}).Prompt;
IDisposable dks = null;
if (!String.IsNullOrWhiteSpace(_crypterLocation))
{
if (_password)
{
var cks = new PbeKeySet(_crypterLocation, singlePrompt);
crypter = new Crypter(cks);
dks = cks;
}
else
{
crypter = new Crypter(_crypterLocation);
}
ks = new EncryptedKeySet(ks, crypter);
}
else if (_password)
{
ks = new PbeKeySet(ks, prompt);
}
var d2ks = ks as IDisposable;
using (crypter)
using (dks)
using (d2ks)
using (var keySet = new MutableKeySet(ks))
{
if (_status != KeyStatus.Primary && _status != KeyStatus.Active)
{
Console.WriteLine("{0} {1}.", Localized.Status, _status.Identifier);
return(-1);
}
ImportedKeySet importedKeySet = null;
try
{
importedKeySet = ImportedKeySet.Import.X509Certificate(keySet.Metadata.Purpose, _importLocation);
}
catch
{
importedKeySet = ImportedKeySet.Import.PkcsKey(
keySet.Metadata.Purpose, _importLocation,
CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForImport);
return(Util.PromptForPassword());
}).Prompt);
}
if (importedKeySet == null)
{
Console.WriteLine(Localized.MsgUnparsableImport);
ret = -1;
}
else
{
if (keySet.Metadata.KeyType != importedKeySet.Metadata.KeyType)
{
if (!keySet.Metadata.Versions.Any())
{
keySet.Metadata.KeyType = importedKeySet.Metadata.KeyType;
}
else
{
ret = -1;
Console.WriteLine(Localized.MsgConflictingKeyTypes,
keySet.Metadata.KeyType.Identifier,
importedKeySet.Metadata.KeyType);
}
}
using (importedKeySet)
{
if (ret != -1)
{
var ver = keySet.AddKey(_status, importedKeySet.GetKey(1));
IKeySetWriter writer = new KeySetWriter(_location, overwrite: true);
if (crypter != null)
{
writer = new EncryptedKeySetWriter(writer, crypter);
}
else if (_password)
{
writer = new PbeKeySetWriter(writer, prompt);
}
if (keySet.Save(writer))
{
Console.WriteLine("{0} {1}.", Localized.MsgImportedNewKey, ver);
ret = 0;
}
else
{
ret = -1;
}
}
}
}
}
return(ret);
}
public void CreateSignAndPublicSized(string keyType, string topDir, string nestDir)
{
KeyType type = keyType;
topDir += "-sizes";
var kspath = Util.TestDataPath(WRITE_DATA, topDir, nestDir);
var writer = new FileSystemKeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.SignAndVerify))
{
var success = ks.Save(writer);
Expect(success, Is.True);
}
int i = 0;
foreach (int size in type.KeySizeOptions)
{
if (Util.IsSizeTooSlow(size))
{
break;
}
i++;
using (var ks = new MutableKeySet(kspath))
{
var ver = ks.AddKey(KeyStatus.Primary, size, type: type);
Expect(ver, Is.EqualTo(i));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var ks = new FileSystemKeySet(kspath))
using (var signer = new Signer(ks))
using (var jwtSigner = new JwtSigner(ks))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, $"{size}.out"), ciphertext);
var key = ks.GetPrimaryKey();
if (Jwt.AlgForKey(key) != null)
{
var token = jwtSigner.SignCompact(JObject.Parse(jsonInput));
File.WriteAllText(Path.Combine(kspath, $"{size}.jwt"), token);
}
}
}
if (type.Asymmetric)
{
var kspath2 = Util.TestDataPath(WRITE_DATA, topDir + ".public", nestDir);
var writer2 = new FileSystemKeySetWriter(kspath2, overwrite: true);
using (var ks = new MutableKeySet(kspath))
{
var pubKs = ks.PublicKey();
var success = pubKs.Save(writer2);
Expect(success, Is.True);
}
}
}
public void RevokeOverwrite()
{
var testPath = "revoke-override";
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 origCipherText = null;
WebBase64 origKeyId = null;
using (var ks = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var encrypter = new Encrypter(ks))
{
origCipherText = encrypter.Encrypt(Input);
origKeyId = WebBase64.FromBytes(ks.Metadata.Versions.First().KeyId);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var ks = new MutableKeySet(origKs))
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
{
var status = ks.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Active));
var status2 = ks.Demote(1);
Expect(status2, Is.EqualTo(KeyStatus.Inactive));
var revoked = ks.Revoke(1);
Expect(revoked, Is.True);
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 newCipherText = null;
using (var ks = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var encrypter = new Encrypter(ks))
{
newCipherText = encrypter.Encrypt(Input);
}
using (var ks = StorageKeySet.Create(GetClientCred(), DefaultContainer, testPath)())
{
var newKeyId = WebBase64.FromBytes(ks.Metadata.Versions.First().KeyId);
var prefix = new byte[KeyczarConst.KeyHashLength];
Array.Copy(newCipherText.ToBytes(), 1, prefix, 0, prefix.Length);
Expect(prefix, Is.Not.EqualTo(origKeyId.ToBytes()));
Expect(prefix, Is.EqualTo(newKeyId.ToBytes()));
}
}
public override int Run(string[] remainingArguments)
{
var ret = 0;
Crypter crypter = null;
IKeySet ks = new FileSystemKeySet(_location);
Func <string> prompt = CachedPrompt.Password(Util.PromptForPassword).Prompt;
IDisposable dks = null;
if (!String.IsNullOrWhiteSpace(_crypterLocation))
{
if (_password)
{
var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(_crypterLocation),
PbeKeySet.Creator(prompt)
);
crypter = new Crypter(cks);
dks = cks;
}
else
{
crypter = new Crypter(_crypterLocation);
}
ks = new EncryptedKeySet(ks, crypter);
}
else if (_password)
{
ks = new PbeKeySet(ks, prompt);
}
var d2ks = ks as IDisposable;
using (crypter)
using (dks)
using (d2ks)
using (var keySet = new MutableKeySet(ks))
{
var pubKeySet = keySet.PublicKey();
if (pubKeySet != null)
{
using (pubKeySet)
{
IKeySetWriter writer = new FileSystemKeySetWriter(_destination, overwrite: false);
if (pubKeySet.Save(writer))
{
Console.WriteLine(Localized.MsgNewPublicKeySet);
ret = 0;
}
else
{
ret = -1;
}
}
}
else
{
ret = -1;
}
}
return(ret);
}
public override int Run(string[] remainingArguments)
{
var ret = 0;
Crypter crypter = null;
IKeySet ks = new KeySet(_location);
Func <string> crypterPrompt = CachedPrompt.Password(Util.PromptForPassword).Prompt;
var prompt = ks.Metadata.Encrypted
? new Func <string>(CachedPrompt.Password(Util.PromptForPassword).Prompt)
: new Func <string>(CachedPrompt.Password(Util.DoublePromptForPassword).Prompt);
IDisposable dks = null;
if (!String.IsNullOrWhiteSpace(_crypterLocation))
{
if (_password)
{
var cks = new PbeKeySet(_crypterLocation, crypterPrompt);
crypter = new Crypter(cks);
dks = cks;
}
else
{
crypter = new Crypter(_crypterLocation);
}
ks = new EncryptedKeySet(ks, crypter);
}
else if (_password)
{
ks = new PbeKeySet(ks, prompt);
}
var d2ks = ks as IDisposable;
using (crypter)
using (dks)
using (d2ks)
using (var keySet = new MutableKeySet(ks))
{
if (_status != KeyStatus.Primary && _status != KeyStatus.Active)
{
Console.WriteLine("{0} {1}.", Localized.MsgInvalidStatus, _status.Identifier);
return(-1);
}
object options = null;
if (!String.IsNullOrWhiteSpace(_padding))
{
options = new { Padding = _padding };
}
var ver = keySet.AddKey(_status, _size, options);
IKeySetWriter writer = new KeySetWriter(_location, overwrite: true);
if (crypter != null)
{
writer = new EncryptedKeySetWriter(writer, crypter);
}
else if (_password)
{
writer = new PbeKeySetWriter(writer, prompt);
}
using (writer as IDisposable)
{
try
{
if (keySet.Save(writer))
{
Console.WriteLine("{0} {1}.", Localized.MsgCreatedKey, ver);
ret = 0;
}
else
{
ret = -1;
}
}
catch
{
ret = -1;
}
}
}
if (ret != 0)
{
Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location);
}
return(ret);
}
//Asymentric key genteration is too slow
//[TestCase("rsa_priv", "rsa", "1024", "crypt")]
//[TestCase("rsa_priv", "rsa-sign", "1024", "sign")]
//[TestCase("dsa_priv", "dsa", "1024", "sign")]
public void CreateKeyCollision(string key, string dir, string sizeString, string purpose)
{
var crypt = purpose == "crypt";
var purp = crypt ? KeyPurpose.DecryptAndEncrypt : KeyPurpose.SignAndVerify;
KeyType ktype = key;
int size = int.Parse(sizeString);
IDictionary <int, Key> keys = new Dictionary <int, Key>();
var kspath = Util.TestDataPath(WRITE_DATA, dir, "key-collision");
var writer = new KeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(ktype, purp))
{
var success = ks.Save(writer);
Expect(success, Is.True);
}
long count = 0;
Key newKey2;
using (var ks = new MutableKeySet(kspath))
{
Key newKey1;
while (true)
{
newKey1 = Key.Generate(ktype, size);
int newHash = Utility.ToInt32(newKey1.GetKeyHash());
count++;
if (keys.TryGetValue(newHash, out newKey2))
{
break;
}
keys.Add(newHash, newKey1);
}
Console.WriteLine("Created {1} collision after {0} iterations", count, dir);
var ver = ks.AddKey(KeyStatus.Primary, newKey1);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
if (crypt)
{
using (var encrypter = new Encrypter(kspath))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
}
else
{
using (var signer = new Signer(kspath))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, "1.out"), ciphertext);
}
using (var signer = new TimeoutSigner(kspath))
{
var ciphertext = signer.Sign(input, new DateTime(2012, 12, 21, 11, 11, 0, DateTimeKind.Utc));
File.WriteAllText(Path.Combine(kspath, "1.timeout"), ciphertext);
}
using (var signer = new AttachedSigner(kspath))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, "1.attached"), ciphertext);
}
using (var signer = new AttachedSigner(kspath))
{
var ciphertext = signer.Sign(input, Encoding.UTF8.GetBytes("secret"));
File.WriteAllText(Path.Combine(kspath, "1.secret.attached"), ciphertext);
}
}
using (var ks = new MutableKeySet(kspath))
{
var ver = ks.AddKey(KeyStatus.Primary, newKey2);
Expect(ver, Is.EqualTo(2));
var success = ks.Save(writer);
Expect(success, Is.True);
}
if (crypt)
{
using (var encrypter = new Encrypter(kspath))
{
var ciphertext = encrypter.Encrypt(input);
File.WriteAllText(Path.Combine(kspath, "2.out"), ciphertext);
}
}
else
{
using (var signer = new Signer(kspath))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, "2.out"), ciphertext);
}
using (var signer = new TimeoutSigner(kspath))
{
var ciphertext = signer.Sign(input, new DateTime(2012, 12, 21, 11, 11, 0, DateTimeKind.Utc));
File.WriteAllText(Path.Combine(kspath, "2.timeout"), ciphertext);
}
using (var signer = new AttachedSigner(kspath))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, "2.atttached"), ciphertext);
}
using (var signer = new AttachedSigner(kspath))
{
var ciphertext = signer.Sign(input, Encoding.UTF8.GetBytes("secret"));
File.WriteAllText(Path.Combine(kspath, "2.secret.atttached"), ciphertext);
}
}
}
public override int Run(string[] remainingArguments)
{
var ret = 0;
Crypter crypter = null;
IKeySet ks = new FileSystemKeySet(_location);
Func <string> singlePrompt = CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForKeySet);
return(Util.PromptForPassword());
}).Prompt;
var prompt = ks.Metadata.Encrypted
? singlePrompt
: CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForKeySet);
return(Util.PromptForPassword());
}).Prompt;
IDisposable dks = null;
if (!String.IsNullOrWhiteSpace(_crypterLocation))
{
if (_password)
{
var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(_crypterLocation),
PbeKeySet.Creator(singlePrompt));
crypter = new Crypter(cks);
dks = cks;
}
else
{
crypter = new Crypter(_crypterLocation);
}
ks = new EncryptedKeySet(ks, crypter);
}
else if (_password)
{
ks = new PbeKeySet(ks, prompt);
}
var d2ks = ks as IDisposable;
using (crypter)
using (dks)
using (d2ks)
using (var keySet = new MutableKeySet(ks))
{
var official = keySet.Metadata.OriginallyOfficial && keySet.Metadata.ValidOfficial() && !_force;
KeyType hint = null;
if (!String.IsNullOrWhiteSpace(_type))
{
hint = AddKey.KeyTypeForString(_type);
}
if (_status != KeyStatus.Primary && _status != KeyStatus.Active)
{
Console.WriteLine("{0} {1}.", Localized.Status, _status.Identifier);
return(-1);
}
ImportedKeySet importedKeySet = null;
try
{
importedKeySet = ImportedKeySet.Import.X509Certificate(keySet.Metadata.Purpose, _importLocation, official, hint);
}
catch
{
if (_importLocation.EndsWith("pfx", StringComparison.Ordinal) ||
_importLocation.EndsWith("p12", StringComparison.Ordinal)
)
{
importedKeySet = ImportedKeySet.Import.Pkcs12Keys(
keySet.Metadata.Purpose, _importLocation,
CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForImport);
return(Util.PromptForPassword());
}).Prompt, official, hint);
}
else
{
importedKeySet = ImportedKeySet.Import.PkcsKey(
keySet.Metadata.Purpose, _importLocation,
CachedPrompt.Password(() =>
{
Console.WriteLine(Localized.MsgForImport);
return(Util.PromptForPassword());
}).Prompt, official, hint);
}
}
if (importedKeySet == null)
{
Console.WriteLine(Localized.MsgUnparsableImport);
ret = -1;
}
else
{
if (keySet.Metadata.OriginallyOfficial && keySet.Metadata.ValidOfficial())
{
if (!_force && !importedKeySet.Metadata.ValidOfficial())
{
var keySetKeyType = keySet.Metadata.OfficialKeyType();
ret = -1;
Console.WriteLine(Localized.MsgMismatchedType,
"Multiple Types",
keySetKeyType);
}
else
{
var importedKeyType = importedKeySet.Metadata.OfficialKeyType();
var keySetKeyType = keySet.Metadata.OfficialKeyType();
if (importedKeyType != keySetKeyType && !_force)
{
ret = -1;
Console.WriteLine(Localized.MsgMismatchedType,
importedKeyType,
keySetKeyType);
}
}
}
if (keySet.Metadata.Kind != importedKeySet.Metadata.Kind)
{
if (!keySet.Metadata.Versions.Any())
{
keySet.Metadata.Kind = importedKeySet.Metadata.Kind;
}
else
{
ret = -1;
Console.WriteLine(Localized.MsgConflictingKeyTypes,
keySet.Metadata.Kind.Identifier,
importedKeySet.Metadata.Kind);
}
}
using (importedKeySet)
{
if (ret != -1)
{
var count = importedKeySet.Metadata.Versions.Count();
var outMsg = "";
foreach (var v in importedKeySet.Metadata.Versions)
{
var status = v.Status;
if (count == 1 || _status != KeyStatus.Primary)
{
status = _status;
}
var ver = keySet.AddKey(status, importedKeySet.GetKey(v.VersionNumber));
outMsg = ver.ToString();
}
if (count > 1)
{
outMsg = $"{count} keys";
}
IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true);
if (crypter != null)
{
writer = new EncryptedKeySetWriter(writer, crypter);
}
else if (_password)
{
writer = new PbeKeySetWriter(writer, prompt);
}
if (keySet.Save(writer))
{
Console.WriteLine("{0} {1}.", Localized.MsgImportedNewKey, outMsg);
ret = 0;
}
else
{
ret = -1;
}
}
}
}
}
return(ret);
}
