public SecretServerLibraryCard(Secret secret) { SecretName = secret.Name; Library = secret.Items.First(item => item.FieldName.ToLower() == "library").Value; CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "card number").Value; Pin = secret.Items.First(item => item.FieldName.ToLower() == "pin").Value; }
public SecretServerSocialSecurityNumber(Secret secret) { SecretName = secret.Name; Name = secret.Items.First(item => item.FieldName.ToLower() == "name").Value; Ssn = secret.Items.First(item => item.FieldName.ToLower() == "ssn").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public static string CreateSecret(Session session, string value) { Secret secret = new Secret(); secret.value = value; XenRef<Secret> secretRef = Secret.create(session, secret); return Secret.get_uuid(session, secretRef.opaque_ref); }
public SecretServerWifiKey(Secret secret) { SecretName = secret.Name; Ssid = secret.Items.First(item => item.FieldName.ToLower() == "ssid").Value; KeyType = secret.Items.First(item => item.FieldName.ToLower() == "key type").Value; Key = secret.Items.First(item => item.FieldName.ToLower() == "key").Value; }
public SecretServerCertificate(Secret secret) { SecretName = secret.Name; Name = secret.Items.First(item => item.FieldName.ToLower() == "name").Value; File = string.Format("https://secretserveronline.com/SecretView.aspx?secretid={0}", secret.Id); Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public void Encrypt_KnownKey() { // Arrange Secret kdk = new Secret(Encoding.UTF8.GetBytes("master key")); ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk, symmetricAlgorithmFactory: Aes.Create, symmetricAlgorithmKeySizeInBytes: 256 / 8, validationAlgorithmFactory: () => new HMACSHA256(), genRandom: new SequentialGenRandom()); ArraySegment<byte> plaintext = new ArraySegment<byte>(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }, 2, 3); ArraySegment<byte> aad = new ArraySegment<byte>(new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }, 1, 4); // Act byte[] retVal = encryptor.Encrypt( plaintext: plaintext, additionalAuthenticatedData: aad); // Assert // retVal := 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F (keyModifier) // | 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F (IV) // | B7 EA 3E 32 58 93 A3 06 03 89 C6 66 03 63 08 4B (encryptedData) // | 9D 8A 85 C7 0F BD 98 D8 7F 72 E7 72 3E B5 A6 26 (HMAC) // | 6C 38 77 F7 66 19 A2 C9 2C BB AD DA E7 62 00 00 string retValAsString = Convert.ToBase64String(retVal); Assert.Equal("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh+36j4yWJOjBgOJxmYDYwhLnYqFxw+9mNh/cudyPrWmJmw4d/dmGaLJLLut2udiAAA=", retValAsString); }
public ManagedAuthenticatedEncryptor(Secret keyDerivationKey, Func<SymmetricAlgorithm> symmetricAlgorithmFactory, int symmetricAlgorithmKeySizeInBytes, Func<KeyedHashAlgorithm> validationAlgorithmFactory, IManagedGenRandom genRandom = null) { _genRandom = genRandom ?? ManagedGenRandomImpl.Instance; _keyDerivationKey = keyDerivationKey; // Validate that the symmetric algorithm has the properties we require using (var symmetricAlgorithm = symmetricAlgorithmFactory()) { _symmetricAlgorithmFactory = symmetricAlgorithmFactory; _symmetricAlgorithmBlockSizeInBytes = symmetricAlgorithm.GetBlockSizeInBytes(); _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes; } // Validate that the MAC algorithm has the properties we require using (var validationAlgorithm = validationAlgorithmFactory()) { _validationAlgorithmFactory = validationAlgorithmFactory; _validationAlgorithmDigestLengthInBytes = validationAlgorithm.GetDigestSizeInBytes(); _validationAlgorithmSubkeyLengthInBytes = _validationAlgorithmDigestLengthInBytes; // for simplicity we'll generate MAC subkeys with a length equal to the digest length } // Argument checking on the algorithms and lengths passed in to us AlgorithmAssert.IsAllowableSymmetricAlgorithmBlockSize(checked((uint)_symmetricAlgorithmBlockSizeInBytes * 8)); AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked((uint)_symmetricAlgorithmSubkeyLengthInBytes * 8)); AlgorithmAssert.IsAllowableValidationAlgorithmDigestSize(checked((uint)_validationAlgorithmDigestLengthInBytes * 8)); _contextHeader = CreateContextHeader(); }
public void Encrypt_KnownKey() { // Arrange Secret kdk = new Secret(Encoding.UTF8.GetBytes("master key")); GcmAuthenticatedEncryptor encryptor = new GcmAuthenticatedEncryptor(kdk, CachedAlgorithmHandles.AES_GCM, symmetricAlgorithmKeySizeInBytes: 128 / 8, genRandom: new SequentialGenRandom()); ArraySegment<byte> plaintext = new ArraySegment<byte>(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }, 2, 3); ArraySegment<byte> aad = new ArraySegment<byte>(new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }, 1, 4); // Act byte[] retVal = encryptor.Encrypt( plaintext: plaintext, additionalAuthenticatedData: aad, preBufferSize: 3, postBufferSize: 4); // Assert // retVal := 00 00 00 (preBuffer) // | 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F (keyModifier) // | 10 11 12 13 14 15 16 17 18 19 1A 1B (nonce) // | 43 B6 91 (encryptedData) // | 8D 0D 66 D9 A1 D9 44 2D 5D 8E 41 DA 39 60 9C E8 (authTag) // | 00 00 00 00 (postBuffer) string retValAsString = Convert.ToBase64String(retVal); Assert.Equal("AAAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaG0O2kY0NZtmh2UQtXY5B2jlgnOgAAAAA", retValAsString); }
public SecretServerLicenseKey(Secret secret) { SecretName = secret.Name; SoftwareName = secret.Items.First(item => item.FieldName.ToLower() == "software name").Value; LicenseKey = secret.Items.First(item => item.FieldName.ToLower() == "license key").Value; File = string.Format("https://secretserveronline.com/SecretView.aspx?secretid={0}", secret.Id); Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerPassword(Secret secret) { SecretName = secret.Name; Resource = secret.Items.First(item => item.FieldName.ToLower() == "server").Value; Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value; Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerActiveDirectory(Secret secret) { SecretName = secret.Name; Domain = secret.Items.First(item => item.FieldName.ToLower() == "domain").Value; Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value; Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerProductLicenseKey(Secret secret) { SecretName = secret.Name; LicensedTo = secret.Items.First(item => item.FieldName.ToLower() == "licensed to").Value; ProductName = secret.Items.First(item => item.FieldName.ToLower() == "product name").Value; LicenseKey = secret.Items.First(item => item.FieldName.ToLower() == "license key").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerWindowsAccount(Secret secret) { SecretName = secret.Name; Machine = secret.Items.First(item => item.FieldName.ToLower() == "machine").Value; Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value; Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerRemoteDesktopAccount(Secret secret) { SecretName = secret.Name; Computer = secret.Items.First(item => item.FieldName.ToLower() == "computer").Value; Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value; Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value; Domain = secret.Items.First(item => item.FieldName.ToLower() == "domain").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerEmailAccount(Secret secret) { SecretName = secret.Name; EmailAddress = secret.Items.First(item => item.FieldName.ToLower() == "email address").Value; IncomingServer = secret.Items.First(item => item.FieldName.ToLower() == "incoming server").Value; OutgoingServer = secret.Items.First(item => item.FieldName.ToLower() == "outgoing server").Value; Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value; Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerCreditCard(Secret secret) { SecretName = secret.Name; FullName = secret.Items.First(item => item.FieldName.ToLower() == "fullname").Value; CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "number").Value; ExpirationDate = secret.Items.First(item => item.FieldName.ToLower() == "expirationdate").Value; SecurityCode = secret.Items.First(item => item.FieldName.ToLower() == "securitycode").Value; CardType = secret.Items.First(item => item.FieldName.ToLower() == "cardtype").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public GcmAuthenticatedEncryptor(Secret keyDerivationKey, BCryptAlgorithmHandle symmetricAlgorithmHandle, uint symmetricAlgorithmKeySizeInBytes, IBCryptGenRandom genRandom = null) { // Is the key size appropriate? AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked(symmetricAlgorithmKeySizeInBytes * 8)); CryptoUtil.Assert(symmetricAlgorithmHandle.GetCipherBlockLength() == 128 / 8, "GCM requires a block cipher algorithm with a 128-bit block size."); _genRandom = genRandom ?? BCryptGenRandomImpl.Instance; _sp800_108_ctr_hmac_provider = SP800_108_CTR_HMACSHA512Util.CreateProvider(keyDerivationKey); _symmetricAlgorithmHandle = symmetricAlgorithmHandle; _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes; _contextHeader = CreateContextHeader(); }
public SecretServerBankAccount(Secret secret) { SecretName = secret.Name; AccountNumber = secret.Items.First(item => item.FieldName.ToLower() == "bankaccountnumber").Value; RoutingNumber = secret.Items.First(item => item.FieldName.ToLower() == "transitroutingnumber").Value; BankName = secret.Items.First(item => item.FieldName.ToLower() == "nameofbank").Value; Address1 = secret.Items.First(item => item.FieldName.ToLower() == "address1").Value; Address2 = secret.Items.First(item => item.FieldName.ToLower() == "address2").Value; Address3 = secret.Items.First(item => item.FieldName.ToLower() == "address3").Value; ContactPerson = secret.Items.First(item => item.FieldName.ToLower() == "contactperson").Value; ContactPhone = secret.Items.First(item => item.FieldName.ToLower() == "contactphone").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public void Encrypt_Decrypt_RoundTrips() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); GcmAuthenticatedEncryptor encryptor = new GcmAuthenticatedEncryptor(kdk, CachedAlgorithmHandles.AES_GCM, symmetricAlgorithmKeySizeInBytes: 256 / 8); ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad")); // Act byte[] ciphertext = encryptor.Encrypt(plaintext, aad); byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad); // Assert Assert.Equal(plaintext, decipheredtext); }
internal SecretIdentityItem(Secret secret) { if (secret == null) throw new ArgumentNullException("secret"); if (secret.Attributes == null) throw new ArgumentException(KeyVaultProperties.Resources.InvalidSecretAttributes); SetObjectIdentifier(secret); Enabled = secret.Attributes.Enabled; Expires = secret.Attributes.Expires; NotBefore = secret.Attributes.NotBefore; Created = secret.Attributes.Created; Updated = secret.Attributes.Updated; Tags = secret.Attributes.Tags; }
public void Encrypt_Decrypt_RoundTrips() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk, symmetricAlgorithmFactory: Aes.Create, symmetricAlgorithmKeySizeInBytes: 256 / 8, validationAlgorithmFactory: () => new HMACSHA256()); ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad")); // Act byte[] ciphertext = encryptor.Encrypt(plaintext, aad); byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad); // Assert Assert.Equal(plaintext, decipheredtext); }
public CbcAuthenticatedEncryptor(Secret keyDerivationKey, BCryptAlgorithmHandle symmetricAlgorithmHandle, uint symmetricAlgorithmKeySizeInBytes, BCryptAlgorithmHandle hmacAlgorithmHandle, IBCryptGenRandom genRandom = null) { _genRandom = genRandom ?? BCryptGenRandomImpl.Instance; _sp800_108_ctr_hmac_provider = SP800_108_CTR_HMACSHA512Util.CreateProvider(keyDerivationKey); _symmetricAlgorithmHandle = symmetricAlgorithmHandle; _symmetricAlgorithmBlockSizeInBytes = symmetricAlgorithmHandle.GetCipherBlockLength(); _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes; _hmacAlgorithmHandle = hmacAlgorithmHandle; _hmacAlgorithmDigestLengthInBytes = hmacAlgorithmHandle.GetHashDigestLength(); _hmacAlgorithmSubkeyLengthInBytes = _hmacAlgorithmDigestLengthInBytes; // for simplicity we'll generate HMAC subkeys with a length equal to the digest length // Argument checking on the algorithms and lengths passed in to us AlgorithmAssert.IsAllowableSymmetricAlgorithmBlockSize(checked(_symmetricAlgorithmBlockSizeInBytes * 8)); AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked(_symmetricAlgorithmSubkeyLengthInBytes * 8)); AlgorithmAssert.IsAllowableValidationAlgorithmDigestSize(checked(_hmacAlgorithmDigestLengthInBytes * 8)); _contextHeader = CreateContextHeader(); }
public void Encrypt_Decrypt_Tampering_Fails() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk, symmetricAlgorithmFactory: Aes.Create, symmetricAlgorithmKeySizeInBytes: 256 / 8, validationAlgorithmFactory: () => new HMACSHA256()); ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad")); byte[] validCiphertext = encryptor.Encrypt(plaintext, aad); // Act & assert - 1 // Ciphertext is too short to be a valid payload byte[] invalidCiphertext_tooShort = new byte[10]; Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad); }); // Act & assert - 2 // Ciphertext has been manipulated byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone(); invalidCiphertext_manipulated[0] ^= 0x01; Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad); }); // Act & assert - 3 // Ciphertext is too long byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray(); Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad); }); // Act & assert - 4 // AAD is incorrect Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad"))); }); }
// Creates a provider from the given secret. public static ISP800_108_CTR_HMACSHA512Provider CreateProvider(Secret kdk) { uint secretLengthInBytes = checked((uint)kdk.Length); if (secretLengthInBytes == 0) { return CreateEmptyProvider(); } else { fixed (byte* pbPlaintextSecret = new byte[secretLengthInBytes]) { try { kdk.WriteSecretIntoBuffer(pbPlaintextSecret, checked((int)secretLengthInBytes)); return CreateProvider(pbPlaintextSecret, secretLengthInBytes); } finally { UnsafeBufferUtil.SecureZeroMemory(pbPlaintextSecret, secretLengthInBytes); } } } }
protected override void ProcessRecord() { Secret[] secrets; switch (this.ParameterSetName) { case ParameterSetNames.SecretObjects: secrets = this.Secret; break; case ParameterSetNames.SingleInsecureSecret: secrets = new Secret[] { new Secret() { Name = this.Name, Version = this.Version, Value = ToSecureString(this.InsecureValue) } }; break; case ParameterSetNames.SingleSecureSecret: secrets = new Secret[] { new Secret() { Name = this.Name, Version = this.Version, Value = this.SecureValue } }; break; default: throw new InvalidPowerShellStateException(string.Format("Invalid parameter set name '{0}'.", this.ParameterSetName)); } var clusterConnection = this.GetClusterConnection(); try { var result = clusterConnection.SetSecretsAsync( secrets, this.GetTimeout(), this.GetCancellationToken()).Result; this.WriteObject(result); } catch (AggregateException aggregateException) { aggregateException.Handle((ae) => { this.ThrowTerminatingError( ae, "SetSecretsErrorId", clusterConnection); return(true); }); } catch (Exception ex) { this.ThrowTerminatingError( ex, "SetSecretsErrorId", clusterConnection); } }
public SecretServerRewardsCard(Secret secret) { SecretName = secret.Name; CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "cardnumber").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public SecretServerKeyFile(Secret secret) { SecretName = secret.Name; Key = secret.Items.First(item => item.FieldName.ToLower() == "key").Value; }
public CrayonApiClientResult <Secret> Create(string token, Secret secret) { var uri = "/api/v1/secrets/"; return(_client.Post <Secret>(token, uri, secret)); }
/// <summary> /// Dispose /// </summary> public void Dispose() { Key?.Dispose(); Secret?.Dispose(); PrivateKey?.Dispose(); }
public void runUpload(System.Threading.CancellationToken serviceStop) { DateTime startTime = DateTime.UtcNow; string uploadToken = ""; Session session = new Session(connection.Hostname, 80); session.APIVersion = API_Version.LATEST; try { session.login_with_password(connection.Username, connection.Password); connection.LoadCache(session); var pool = Helpers.GetPoolOfOne(connection); if (pool != null) { try { string opaqueref = Secret.get_by_uuid(session, pool.CallHomeSettings.UploadTokenSecretUuid); uploadToken = Secret.get_value(session, opaqueref); } catch (Exception e) { log.Error("Exception getting the upload token from the xapi secret", e); uploadToken = null; } } if (string.IsNullOrEmpty(uploadToken)) { if (session != null) { session.logout(); } session = null; log.ErrorFormat("The upload token is not retrieved for {0}", connection.Hostname); updateCallHomeSettings(false, startTime); server.task = null; ServerListHelper.instance.UpdateServerInfo(server); return; } } catch (Exception e) { if (session != null) { session.logout(); } session = null; log.Error(e, e); updateCallHomeSettings(false, startTime); server.task = null; ServerListHelper.instance.UpdateServerInfo(server); return; } try { CancellationTokenSource cts = new CancellationTokenSource(); Func <string> upload = delegate() { try { return(bundleUpload(connection, session, uploadToken, cts.Token)); } catch (OperationCanceledException) { return(""); } }; System.Threading.Tasks.Task <string> task = new System.Threading.Tasks.Task <string>(upload); task.Start(); // Check if the task runs to completion before timeout. for (int i = 0; i < TIMEOUT; i += INTERVAL) { // If the task finishes, set CallHomeSettings accordingly. if (task.IsCompleted || task.IsCanceled || task.IsFaulted) { if (task.Status == System.Threading.Tasks.TaskStatus.RanToCompletion) { string upload_uuid = task.Result; if (!string.IsNullOrEmpty(upload_uuid)) { updateCallHomeSettings(true, startTime, upload_uuid); } else { updateCallHomeSettings(false, startTime); } } else { updateCallHomeSettings(false, startTime); } server.task = null; ServerListHelper.instance.UpdateServerInfo(server); return; } // If the main thread (XenServerHealthCheckService) stops, // set the cancel token to notify the working task to return. if (serviceStop.IsCancellationRequested) { cts.Cancel(); updateCallHomeSettings(false, startTime); task.Wait(); server.task = null; ServerListHelper.instance.UpdateServerInfo(server); return; } System.Threading.Thread.Sleep(INTERVAL); } // The task has run for 24h, cancel the task and mark it as a failure upload. cts.Cancel(); updateCallHomeSettings(false, startTime); task.Wait(); server.task = null; ServerListHelper.instance.UpdateServerInfo(server); return; } catch (Exception e) { if (session != null) { session.logout(); } session = null; log.Error(e, e); server.task = null; ServerListHelper.instance.UpdateServerInfo(server); } }
static void Main(string[] args) { KeyBundle keyBundle = null; // The key specification and attributes Secret secret = null; string keyName = string.Empty; string secretName = string.Empty; inputValidator = new InputValidator(args); TracingAdapter.AddTracingInterceptor(new ConsoleTracingInterceptor()); TracingAdapter.IsEnabled = inputValidator.GetTracingEnabled(); var clientId = ConfigurationManager.AppSettings["AuthClientId"]; var cerificateThumbprint = ConfigurationManager.AppSettings["AuthCertThumbprint"]; var certificate = FindCertificateByThumbprint(cerificateThumbprint); var assertionCert = new ClientAssertionCertificate(clientId, certificate); keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback( (authority, resource, scope) => GetAccessToken(authority, resource, scope, assertionCert)), GetHttpClient()); // SECURITY: DO NOT USE IN PRODUCTION CODE; FOR TEST PURPOSES ONLY //ServicePointManager.ServerCertificateValidationCallback += ( sender, cert, chain, sslPolicyErrors ) => true; List <KeyOperationType> successfulOperations = new List <KeyOperationType>(); List <KeyOperationType> failedOperations = new List <KeyOperationType>(); foreach (var operation in inputValidator.GetKeyOperations()) { try { Console.Out.WriteLine(string.Format("\n\n {0} is in process ...", operation.ToString())); switch (operation) { case KeyOperationType.CREATE_KEY: keyBundle = CreateKey(keyBundle, out keyName); break; case KeyOperationType.IMPORT_KEY: keyBundle = ImportKey(out keyName); break; case KeyOperationType.GET_KEY: keyBundle = GetKey(keyBundle); break; case KeyOperationType.LIST_KEYVERSIONS: ListKeyVersions(keyName); break; case KeyOperationType.UPDATE_KEY: keyBundle = UpdateKey(keyName); break; case KeyOperationType.DELETE_KEY: DeleteKey(keyName); break; case KeyOperationType.BACKUP_RESTORE: keyBundle = BackupRestoreKey(keyName); break; case KeyOperationType.SIGN_VERIFY: SignVerify(keyBundle); break; case KeyOperationType.ENCRYPT_DECRYPT: EncryptDecrypt(keyBundle); break; case KeyOperationType.ENCRYPT: Encrypt(keyBundle); break; case KeyOperationType.DECRYPT: Decrypt(keyBundle); break; case KeyOperationType.WRAP_UNWRAP: WrapUnwrap(keyBundle); break; case KeyOperationType.CREATE_SECRET: secret = CreateSecret(out secretName); break; case KeyOperationType.GET_SECRET: secret = GetSecret(secret.Id); break; case KeyOperationType.LIST_SECRETS: ListSecrets(); break; case KeyOperationType.DELETE_SECRET: secret = DeleteSecret(secretName); break; } successfulOperations.Add(operation); } catch (KeyVaultClientException exception) { // The Key Vault exceptions are logged but not thrown to avoid blocking execution for other commands running in batch Console.Out.WriteLine("Operation failed: {0}", exception.Message); failedOperations.Add(operation); } } Console.Out.WriteLine("\n\n---------------Successful Key Vault operations:---------------"); foreach (KeyOperationType type in successfulOperations) { Console.Out.WriteLine("\t{0}", type); } if (failedOperations.Count > 0) { Console.Out.WriteLine("\n\n---------------Failed Key Vault operations:---------------"); foreach (KeyOperationType type in failedOperations) { Console.Out.WriteLine("\t{0}", type); } } Console.Out.WriteLine(); Console.Out.Write("Press enter to continue . . ."); Console.In.Read(); }
/// <summary> /// Builds a full connection string with access key included and returns as a <see cref="Microsoft.AdvocacyPlatform.Contracts.Secret"/>. /// </summary> /// <param name="storageConnectionString">The data store connection string.</param> /// <param name="storageAccessKey">The access key for the data store.</param> /// <returns>The full connection string as a <see cref="Microsoft.AdvocacyPlatform.Contracts.Secret"/>.</returns> public static Secret GetFullStorageConnectionString(string storageConnectionString, Secret storageAccessKey) { StringBuilder connectionStringBuilder = new StringBuilder(storageConnectionString); if (!storageConnectionString.EndsWith(";")) { connectionStringBuilder = connectionStringBuilder.Append(";"); } connectionStringBuilder.Append("SharedAccessSignature="); SecureString securedString = new SecureString(); foreach (char character in connectionStringBuilder.ToString()) { securedString.AppendChar(character); } foreach (char character in storageAccessKey.Value) { securedString.AppendChar(character); } securedString.MakeReadOnly(); return(new Secret(storageAccessKey.Identifier, securedString)); }
private async Task <TargetUri> CreatePersonalAccessTokenRequestUri(TargetUri targetUri, Secret authorization, bool requireCompactToken) { const string SessionTokenUrl = "_apis/token/sessiontokens?api-version=1.0"; const string CompactTokenUrl = SessionTokenUrl + "&tokentype=compact"; if (targetUri is null) { throw new ArgumentNullException(nameof(targetUri)); } if (authorization is null) { throw new ArgumentNullException(nameof(authorization)); } var idenityServiceUri = await GetIdentityServiceUri(targetUri, authorization); if (idenityServiceUri is null) { throw new LocationServiceException($"Failed to find Identity Service for `{targetUri}`."); } string url = idenityServiceUri.ToString(); url += requireCompactToken ? CompactTokenUrl : SessionTokenUrl; var requestUri = new Uri(url, UriKind.Absolute); return(targetUri.CreateWith(requestUri)); }
internal async Task <bool> ValidateSecret(TargetUri targetUri, Secret secret) { const string AnonymousUserPattern = @"""properties""\s*:\s*{\s*""Account""\s*:\s*{\s*""\$type""\s*:\s*""System.String""\s*,\s*""\$value""\s*:\s*""Anonymous""}\s*}"; if (targetUri is null) { throw new ArgumentNullException(nameof(targetUri)); } if (secret is null) { return(false); } // Create an request to the Azure DevOps deployment data end-point. var requestUri = GetConnectionDataUri(targetUri); var options = new NetworkRequestOptions(true) { Authorization = secret, CookieContainer = new CookieContainer(), }; try { // Send the request and wait for the response. using (var response = await Network.HttpGetAsync(requestUri, options)) { HttpStatusCode statusCode = response.StatusCode; string content = response?.Content?.AsString; // If the server responds with content, and said content matches the anonymous details the credentials are invalid. if (content != null && Regex.IsMatch(content, AnonymousUserPattern, RegexOptions.CultureInvariant | RegexOptions.IgnoreCase)) { Trace.WriteLine($"credential validation for '{targetUri}' failed."); return(false); } // If the service responded with a 2XX status code the credentials are valid. if (statusCode >= HttpStatusCode.OK && statusCode < HttpStatusCode.Ambiguous) { return(true); } Trace.WriteLine($"credential validation for '{targetUri}' failed [{(int)response.StatusCode}]."); // Even if the service responded, if the issue isn't a 400 class response then the credentials were likely not rejected. if (statusCode < HttpStatusCode.BadRequest || statusCode >= HttpStatusCode.InternalServerError) { return(true); } } } catch (HttpRequestException exception) { // Since we're unable to invalidate the credentials, return optimistic results. // This avoid credential invalidation due to network instability, etc. Trace.WriteLine($"unable to validate credentials for '{targetUri}', failure occurred before server could respond."); Trace.WriteException(exception); return(true); } catch (Exception exception) { Trace.WriteLine($"credential validation for '{targetUri}' failed."); Trace.WriteException(exception); return(false); } Trace.WriteLine($"credential validation for '{targetUri}' failed."); return(false); }
/// <exclude/> public override int GetHashCode() { return(((Key != null) ? Key.GetHashCode() : 0) ^ ((Secret != null) ? Secret.GetHashCode() : 0)); }
public static IEnumerable <Client> GetClients() { var secret = new Secret { Value = "Password123!".Sha256() }; return(new List <Client> { new Client { ClientId = "authorizationCodeClient2", ClientName = "Authorization Code Client", ClientSecrets = new List <Secret> { secret }, Enabled = true, AllowedGrantTypes = new List <string> { "authorization_code" }, //DELTA //IdentityServer3 wanted Flow = Flows.AuthorizationCode, RequireConsent = true, AllowRememberConsent = true, RedirectUris = new List <string> { "https://www.getpostman.com/oauth2/callback" }, AllowedCorsOrigins = new List <string> { "https://www.getpostman.com/" }, PostLogoutRedirectUris = new List <string> { "https://www.getpostman.com/oauth2/callback" }, AllowedScopes = new List <string> { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "customAPI.read" }, AccessTokenType = AccessTokenType.Jwt, AllowOfflineAccess = true }, new Client { ClientId = "oauthClient", ClientName = "Example Client Credentials Client Application", AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = new List <Secret> { new Secret("Password123!".Sha256()) }, AllowedScopes = new List <string> { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, IdentityServerConstants.StandardScopes.Email, "customAPI.read" } } }); }
public SdkOptions(string workflowId, Secret secret) : base(null, secret) { this.WorkflowId = workflowId; }
private string CreateSecret(Session session, string username, string password) { string val = string.Format("{0}{1}{2}", username, CREDENTIALS_SEPARATOR, password); return(Secret.CreateSecret(session, val)); }
protected override Task <Key> OnRotateSecretAsync(Secret secret, CancellationToken token) { throw new NotImplementedException(); }
public SecretImportanceChangedEvent(Secret changedImportanceSecret) { _changedImportanceSecret = changedImportanceSecret; }
public SecretServerPin(Secret secret) { SecretName = secret.Name; PinCode = secret.Items.First(item => item.FieldName.ToLower() == "pincode").Value; Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value; }
public BeforeSpellTriggerInfo(Secret cast) { spell_cast = cast; }
public async Task<IActionResult> AddClientSecret(NewClientSecretViewModel model) { if (!ModelState.IsValid) { return RedirectToAction("EditClient", new { siteId = model.SiteId, clientId = model.ClientId }); } Guid siteId = siteManager.CurrentSite.Id; if (!string.IsNullOrEmpty(model.SiteId) && model.SiteId.Length == 36) { siteId = new Guid(model.SiteId); } var selectedSite = await siteManager.GetSiteForDataOperations(siteId); var client = await clientsManager.FetchClient(selectedSite.Id.ToString(), model.ClientId); if (client == null) { this.AlertDanger(sr["Invalid request, client not found."], true); return RedirectToAction("Index"); } var secret = new Secret(model.Value, model.Description, model.Expiration); secret.Type = model.Type; if (client.ClientSecrets.Contains(secret)) { this.AlertDanger(sr["Client already has a secret with that value."], true); return RedirectToAction("EditClient", new { siteId = selectedSite.Id.ToString(), clientId = model.ClientId }); } client.ClientSecrets.Add(secret); await clientsManager.UpdateClient(selectedSite.Id.ToString(), client); this.AlertSuccess(sr["The Secret was successfully added."], true); return RedirectToAction("EditClient", new { siteId = selectedSite.Id.ToString(), clientId = model.ClientId }); }
public override int GetHashCode() { return(Secret?.GetHashCode() ?? 0); }
internal static global::System.Runtime.InteropServices.HandleRef getCPtr(Secret obj) { return((obj == null) ? new global::System.Runtime.InteropServices.HandleRef(null, global::System.IntPtr.Zero) : obj.swigCPtr); }
/// <summary> /// Get the persisted secret from the server, or prompt for new credentials and persist those back to the server. /// Completion of this thread is indicated by state.Credentials being set. /// </summary> /// <param name="obj"></param> private void GetSecret(object obj) { Program.AssertOffEventThread(); BrowserState state = (BrowserState)obj; try { Session session = state.Obj.Connection.Session; do { Pool pool = Helpers.GetPoolOfOne(state.Obj.Connection); if (pool == null) { log.Warn("Failed to get Pool!"); Thread.Sleep(5000); continue; } string secret_uuid = pool.GetXCPluginSecret(PluginDescriptor.Name, state.Obj); if (string.IsNullOrEmpty(secret_uuid)) { var msg = secret_uuid == null ? "Nothing persisted." : "User chose not to persist these credentials."; log.Debug(msg + " Prompting for new credentials."); Program.Invoke(Program.MainWindow, () => { state.Credentials = PromptForUsernamePassword(secret_uuid == null); }); MaybePersistCredentials(session, pool, state.Obj, state.Credentials); return; } else { log.Debug("Found a secret."); XenRef <Secret> secret = null; try { secret = Secret.get_by_uuid(session, secret_uuid); } catch (Failure exn) { log.Warn(string.Format("Secret with uuid {0} for {1} on plugin {2} has disappeared! Removing from pool.gui_config.", secret_uuid, Helpers.GetName(state.Obj), PluginDescriptor.Name), exn); TryToRemoveSecret(pool, session, PluginDescriptor.Name, state.Obj); continue; } string val = Secret.get_value(session, secret); string[] bits = val.Split(CREDENTIALS_SEPARATOR); if (bits.Length != 2) { log.WarnFormat("Corrupt secret with uuid {0} for {1} on plugin {2}! Deleting.", secret_uuid, Helpers.GetName(state.Obj), PluginDescriptor.Name); TryToDestroySecret(session, secret.opaque_ref); TryToRemoveSecret(pool, session, PluginDescriptor.Name, state.Obj); continue; } log.Debug("Secret successfully read."); state.Credentials = new BrowserState.BrowserCredentials { Username = bits[0], Password = bits[1], PersistCredentials = true, Valid = true }; return; } // Unreachable. Should either have returned, or continued (to retry). } while (true); } catch (Exception exn) { log.Warn("Ignoring exception when trying to get secret", exn); // Note that it's essential that we set state.Credentials before leaving this function, // because other threads are waiting for that value to appear. state.Credentials = new BrowserState.BrowserCredentials { Valid = false }; } }
/// <inheritdoc /> public override IAuthenticatedEncryptorDescriptor CreateNewDescriptor() { var internalConfiguration = (IInternalAlgorithmConfiguration)this; return(internalConfiguration.CreateDescriptorFromSecret(Secret.Random(KDK_SIZE_IN_BYTES))); }
protected override void Run() { log.Debug("Running SR.Create()"); log.DebugFormat("host='{0}'", Host.Name()); log.DebugFormat("name='{0}'", _srName); log.DebugFormat("description='{0}'", _srDescription); log.DebugFormat("type='{0}'", _srType); log.DebugFormat("content type='{0}'", _srContentType); log.DebugFormat("is shared='{0}'", _srIsShared); string secretuuid = null; string value; if (_dconf.TryGetValue("cifspassword", out value)) { secretuuid = CreateSecret("cifspassword", value); } else if (_dconf.TryGetValue("password", out value)) { secretuuid = CreateSecret("password", value); } else if (_dconf.TryGetValue("chappassword", out value)) { secretuuid = CreateSecret("chappassword", value); } Description = Messages.ACTION_SR_CREATING; XenRef <SR> sr; try { sr = XenAPI.SR.create(Session, Host.opaque_ref, _dconf, 0, _srName, _srDescription, _srType.ToString().ToLowerInvariant(), _srContentType, _srIsShared, _smconf ?? new Dictionary <string, string>()); Result = sr; } catch { if (!string.IsNullOrEmpty(secretuuid)) { string opaqref = Secret.get_by_uuid(Session, secretuuid); Secret.destroy(Session, opaqref); } throw; } finally { // Destroy secret after the SR creation is complete. This is safe // since all PBDs will have duplicated the secret (CA-113396). // // We do this on a best-effort basis because some types of errors // mean the secret was never actually created, so the operation will // fail, masking any earlier error (CA-145254), or causing a successful // SR.create to be reported as an error. The worst that can happen is // that an unused secret will be left lying around without warning. try { if (!string.IsNullOrEmpty(secretuuid) && Helpers.CreedenceOrGreater(Connection)) { string opaqref = Secret.get_by_uuid(Session, secretuuid); Secret.destroy(Session, opaqref); } } catch { } } log.Debug("Checking that SR.create() actually succeeded"); foreach (XenRef <PBD> pbdRef in XenAPI.SR.get_PBDs(Session, sr.opaque_ref)) { if (!XenAPI.PBD.get_currently_attached(Session, pbdRef)) { // The automatic plug done by the SR.create has failed to plug this PDB: // try the plug manually, and report the failure. Roll back the operation // by forgetting the SR. try { XenAPI.PBD.plug(this.Session, pbdRef); } catch (Exception exn) { if (exn is Failure) { Failure f = (Failure)exn; if (f.ErrorDescription[0] == Failure.HOST_OFFLINE || f.ErrorDescription[0] == Failure.HOST_STILL_BOOTING) { log.Warn("Unable to check storage settings, due to host being down", f); } } else { log.Debug("Plug failed on a PBD: performing SR.forget"); ForgetFailedSR(sr); throw; } } } } Dictionary <string, string> other_config = new Dictionary <string, string>(); other_config.Add("auto-scan", _srContentType == XenAPI.SR.Content_Type_ISO ? "true" : "false"); XenAPI.SR.set_other_config(Session, Result, other_config); if (isFirstSharedNonISOSR()) { SR new_sr = Connection.WaitForCache(new XenRef <SR>(Result), GetCancelling); if (Cancelling) { throw new CancelledException(); } if (new_sr == null) { throw new Failure(Failure.HANDLE_INVALID, "SR", Result); } // Set this SR to be the default new SrAction(SrActionKind.SetAsDefault, new_sr).RunExternal(Session); } Description = Messages.ACTION_SR_CREATE_SUCCESSFUL; }
protected void AssertSecretsEqual(Secret exp, Secret act) { Assert.AreEqual(exp.Value, act.Value); AssertSecretsEqual((SecretBase)exp, (SecretBase)act); }
public void Convert(string template, Secret secret) { _browser.NativeBrowser.NavigateTo(new Uri("https://lionlock.com/App/Secret/SecretSelectTemplate")); switch (template) { case "Bank Account": ConvertBankAccount(secret); break; case "Credit Card": ConvertCreditCard(secret); break; case "Social Security Number": ConvertSsn(secret); break; case "License Key": ConvertLicenseKey(secret); break; case "KeyFile": ConvertKeyFile(secret); break; case "Certificate": ConvertCertificate(secret); break; case "Product License Key": ConvertProductLicenceKey(secret); break; case "Password": ConvertPassword(secret); break; case "Active Directory Account": ConvertActiveDirectory(secret); break; case "Windows Account": ConvertWindowsAccounts(secret); break; case "Remote Desktop Account": ConvertRemoteDesktopAccount(secret); break; case "Pin": ConvertPin(secret); break; case "Library Card": ConvertLibraryCard(secret); break; case "Rewards Card": ConvertRewardsCard(secret); break; case "Web Password": ConvertWebPassword(secret); break; case "Email Account": ConvertEmailAccount(secret); break; case "WiFi Key": ConvertWifiKey(secret); break; default: throw new NotImplementedException(); } Save(secret); FavoriteIfNeeded(secret); _log.AppendLine("---"); }
protected override void Awake() { base.Awake(); secret = GetComponent <Secret>(); }
public void LedgerTransformationTestMerkleHash() { using (var context = CreateContext(true)) { var sender = BTC_ISSUER; var signer1 = CreateAccount(); var signer2 = CreateAccount(); var signers = new List <Address>() { signer1, signer2 }; var multi = new MultiSignature(signers, 2); var secret = Secret.GenerateSecret(); var hashlock = new HashLock(secret.ComputeSecretHash(SecretHashType.SHA3)); var timeLock = new TimeLock(DateTime.Now.AddDays(-1).ToUnixTimestamp()); var signed = Transfer(sender, multi.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { multi, hashlock, timeLock }); context.SendTransaction(signed); var signed1 = Transfer(sender, hashlock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { multi, hashlock, timeLock }); context.SendTransaction(signed1); var signed2 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { multi, hashlock, timeLock }); context.SendTransaction(signed2); // Send address declaration but don't use the address var signed3 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { new MultiSignature(new List <Address>() { CreateAccount(), CreateAccount(), CreateAccount() }, 3) }); context.SendTransaction(signed3); // Send address declaration but don't use the address var signed4 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { new HashLock(Secret.GenerateSecret().ComputeSecretHash(SecretHashType.SHA256)) }); context.SendTransaction(signed4); // Send address declaration but don't use the address var signed5 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>() { new TimeLock(777) }); context.SendTransaction(signed5); Assert.IsTrue(context.TryCreateNextLedger()); context.DataTransformationService.WaitTransformationCompleted(); var last = context.LedgerService.LedgerManager.GetMerkleRootHash(); Assert.Fail(); /* * var fromDb = context.DatabaseService.ReadDatabaseManager.GetLastLedger(); * * if(fromDb.GetHeight() != context.LedgerService.LedgerManager.LastLedger.GetHeight()) * Assert.Inconclusive(); * * Assert.IsTrue(last.Equals(fromDb.Ledger.MerkleHash)); */ } }
public void Clear() { Secret.Clear(); Public.Clear(); }
private async Task SubmitDocuments(ConsoleButton consoleButton) { try { switch (consoleButton.Name) { //Handle each Button's functionality case "Submit Documents": int workspaceId = this.Helper.GetActiveCaseID(); int modelId = this.ActiveArtifact.ArtifactID; Model model = new Model(); //Get Documents In SavedSearch int savedSearchId = (int)this.ActiveArtifact.Fields[Guids.Model.SAVED_SEARCH_FIELD.ToString()].Value.Value; await model.ReadDocumentsInSavedSeach(Helper.GetServicesManager(), workspaceId, savedSearchId); //Could have made function shared with the other event handler but left here for demo Relativity.API.IDBContext workspaceContext = Helper.GetDBContext(workspaceId); string documentLocation = string.Empty; List <string> documentLocations = new List <string>(); foreach (int documentArtifactId in model.DocsInSearch) { string sql = @"SELECT [Location] FROM [file] WITH(NOLOCK) WHERE [DocumentArtifactId] = @documentArtifactID AND [Type] = 0"; SqlParameter documentArtifactIdParam = new SqlParameter("@documentArtifactID", SqlDbType.Int); documentArtifactIdParam.Value = documentArtifactId; documentLocation = workspaceContext.ExecuteSqlStatementAsScalar <String>(sql, new SqlParameter[] { documentArtifactIdParam }); documentLocations.Add(documentLocation); } //get secrets AzureSettings azureSettings = new AzureSettings(); ISecretStore secretStore = this.Helper.GetSecretStore(); Secret secret = secretStore.Get(azureSettings.SecretPath); string congnitiveServicesKey = secret.Data[azureSettings.CognitiveServicesKeySecretName]; string congnitiveServicesEndPoint = secret.Data[azureSettings.CognitiveServicesEndpointSecretName]; string storageAccountKey = secret.Data[azureSettings.StorageAccountKeySecretName]; string storageAccountName = secret.Data[azureSettings.StorageAccountNameSecretName]; //upload documents to New Container AzureStorageService azureStorageService = new FormRecognition.AzureStorageService(storageAccountKey, storageAccountName); Microsoft.Azure.Storage.Blob.CloudBlobClient client = azureStorageService.GetClient(); string containerPrefix = workspaceId.ToString() + "-" + modelId.ToString(); string sasUrl = azureStorageService.UploadFiles(client, documentLocations, containerPrefix); string containerName = azureStorageService.ContainerName; //Train model AzureFormRecognitionService azureFormRecognitionService = new FormRecognition.AzureFormRecognitionService(congnitiveServicesKey, congnitiveServicesEndPoint, Helper); Guid modeld = await azureFormRecognitionService.TrainModelAsync(azureFormRecognitionService.GetClient(), sasUrl); model.ModelGuid = modeld; model.SasUrl = sasUrl; //Update Relativity with data returned await model.UpdateRelativity(Helper.GetServicesManager(), workspaceId, modelId); break; } } catch (Exception e) { Helper.GetLoggerFactory().GetLogger().LogError(e, "Submit Documents Error"); throw; } }
public AppStack() { var resourceGroup = new ResourceGroup("keyvault-rg"); // Create a storage account for Blobs var storageAccount = new Account("storage", new AccountArgs { ResourceGroupName = resourceGroup.Name, AccountReplicationType = "LRS", AccountTier = "Standard", }); // The container to put our files into var storageContainer = new Container("files", new ContainerArgs { StorageAccountName = storageAccount.Name, ContainerAccessType = "private", }); // Azure SQL Server that we want to access from the application var administratorLoginPassword = new RandomPassword("password", new RandomPasswordArgs { Length = 16, Special = true }).Result; var sqlServer = new SqlServer("sqlserver", new SqlServerArgs { ResourceGroupName = resourceGroup.Name, // The login and password are required but won't be used in our application AdministratorLogin = "******", AdministratorLoginPassword = administratorLoginPassword, Version = "12.0", }); // Azure SQL Database that we want to access from the application var database = new Database("db", new DatabaseArgs { ResourceGroupName = resourceGroup.Name, ServerName = sqlServer.Name, RequestedServiceObjectiveName = "S0", }); // The connection string that has no credentials in it: authertication will come through MSI var connectionString = Output.Format($"Server=tcp:{sqlServer.Name}.database.windows.net;Database={database.Name};"); // A file in Blob Storage that we want to access from the application var textBlob = new Blob("text", new BlobArgs { StorageAccountName = storageAccount.Name, StorageContainerName = storageContainer.Name, Type = "Block", Source = new FileAsset("./README.md"), }); // A plan to host the App Service var appServicePlan = new Plan("asp", new PlanArgs { ResourceGroupName = resourceGroup.Name, Kind = "App", Sku = new PlanSkuArgs { Tier = "Basic", Size = "B1", }, }); // ASP.NET deployment package var blob = new Blob("zip", new BlobArgs { StorageAccountName = storageAccount.Name, StorageContainerName = storageContainer.Name, Type = "Block", Source = new FileArchive("./webapp/bin/Debug/netcoreapp2.2/publish"), }); var clientConfig = Output.Create(GetClientConfig.InvokeAsync()); var tenantId = clientConfig.Apply(c => c.TenantId); var currentPrincipal = clientConfig.Apply(c => c.ObjectId); // Key Vault to store secrets (e.g. Blob URL with SAS) var vault = new KeyVault("vault", new KeyVaultArgs { ResourceGroupName = resourceGroup.Name, SkuName = "standard", TenantId = tenantId, AccessPolicies = { new KeyVaultAccessPolicyArgs { TenantId = tenantId, // The current principal has to be granted permissions to Key Vault so that it can actually add and then remove // secrets to/from the Key Vault. Otherwise, 'pulumi up' and 'pulumi destroy' operations will fail. ObjectId = currentPrincipal, SecretPermissions ={ "delete", "get", "list", "set" }, } }, }); // Put the URL of the zip Blob to KV var secret = new Secret("deployment-zip", new SecretArgs { KeyVaultId = vault.Id, Value = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount), }); var secretUri = Output.Format($"{vault.VaultUri}secrets/{secret.Name}/{secret.Version}"); // The application hosted in App Service var app = new AppService("app", new AppServiceArgs { ResourceGroupName = resourceGroup.Name, AppServicePlanId = appServicePlan.Id, // A system-assigned managed service identity to be used for authentication and authorization to the SQL Database and the Blob Storage Identity = new AppServiceIdentityArgs { Type = "SystemAssigned" }, AppSettings = { // Website is deployed from a URL read from the Key Vault { "WEBSITE_RUN_FROM_ZIP", Output.Format($"@Microsoft.KeyVault(SecretUri={secretUri})") }, // Note that we simply provide the URL without SAS or keys { "StorageBlobUrl", textBlob.Url }, }, ConnectionStrings = { new AppServiceConnectionStringArgs { Name = "db", Type = "SQLAzure", Value = connectionString, }, }, }); // Work around a preview issue https://github.com/pulumi/pulumi-azure/issues/192 var principalId = app.Identity.Apply(id => id.PrincipalId ?? "11111111-1111-1111-1111-111111111111"); // Grant App Service access to KV secrets var policy = new AccessPolicy("app-policy", new AccessPolicyArgs { KeyVaultId = vault.Id, TenantId = tenantId, ObjectId = principalId, SecretPermissions = { "get" }, }); // Make the App Service the admin of the SQL Server (double check if you want a more fine-grained security model in your real app) var sqlAdmin = new ActiveDirectoryAdministrator("adadmin", new ActiveDirectoryAdministratorArgs { ResourceGroupName = resourceGroup.Name, TenantId = tenantId, ObjectId = principalId, Login = "******", ServerName = sqlServer.Name, }); // Grant access from App Service to the container in the storage var blobPermission = new Assignment("readblob", new AssignmentArgs { PrincipalId = principalId, Scope = Output.Format($"{storageAccount.Id}/blobServices/default/containers/{storageContainer.Name}"), RoleDefinitionName = "Storage Blob Data Reader", }); // Add SQL firewall exceptions var firewallRules = app.OutboundIpAddresses.Apply( ips => ips.Split(",").Select( ip => new FirewallRule($"FR{ip}", new FirewallRuleArgs { ResourceGroupName = resourceGroup.Name, StartIpAddress = ip, EndIpAddress = ip, ServerName = sqlServer.Name, }) ).ToList()); this.Endpoint = Output.Format($"https://{app.DefaultSiteHostname}"); }
public void GetSecretsSync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials. var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); // Let's create secrets holding storage and bank accounts credentials valid for 1 year. if the secret // already exists in the key vault, then a new version of the secret is created. string bankSecretName = $"BankAccountPassword-{Guid.NewGuid()}"; string storageSecretName = $"StorageAccountPasswor{Guid.NewGuid()}"; var bankSecret = new Secret(bankSecretName, "f4G34fMh8v") { Expires = DateTimeOffset.Now.AddYears(1) }; var storageSecret = new Secret(storageSecretName, "f4G34fMh8v547") { Expires = DateTimeOffset.Now.AddYears(1) }; client.Set(bankSecret); client.Set(storageSecret); // You need to check if any of the secrets are sharing same values. Let's list the secrets and print their values. // List operations don't return the secrets with value information. // So, for each returned secret we call Get to get the secret with its value information. IEnumerable <Response <SecretBase> > secrets = client.GetSecrets(); foreach (SecretBase secret in secrets) { Secret secretWithValue = client.Get(secret.Name); Debug.WriteLine($"Secret is returned with name {secretWithValue.Name} and value {secretWithValue.Value}"); } // The bank account password got updated, so you want to update the secret in key vault to ensure it reflects the new password. // Calling Set on an existing secret creates a new version of the secret in the key vault with the new value. client.Set(bankSecretName, "sskdjfsdasdjsd"); // You need to check all the different values your bank account password secret had previously. // Lets print all the versions of this secret. IEnumerable <Response <SecretBase> > secretVersions = client.GetSecretVersions(bankSecretName); foreach (SecretBase secret in secretVersions) { Debug.WriteLine($"Secret's version {secret.Version} with name {secret.Name}"); } // The bank account was closed. You need to delete its credentials from the key vault. // You also want to delete the information of your storage account. client.Delete(bankSecretName); client.Delete(storageSecretName); // To ensure secrets are deleted on server side. Assert.IsTrue(WaitForDeletedSecret(client, bankSecretName)); Assert.IsTrue(WaitForDeletedSecret(client, storageSecretName)); // You can list all the deleted and non-purged secrets, assuming key vault is soft-delete enabled. IEnumerable <Response <DeletedSecret> > secretsDeleted = client.GetDeletedSecrets(); foreach (DeletedSecret secret in secretsDeleted) { Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}"); } // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged. client.PurgeDeleted(bankSecretName); client.PurgeDeleted(storageSecretName); }
/// <summary> /// Recover profile from the mesh using the threshold key shares. /// </summary> /// <param name="Shares">Array containing the necessary shares.</param> /// <returns>UDF of the recovered profile (if successful).</returns> public string RecoverProfile(string[] Shares) { var Combined = new Secret(Shares); //Trace.WriteHex("MasterKey", Combined.Key); var Identifier = CLG.UDF.ToString(CLG.UDF.FromEscrowed(Combined.Key, 150)); return Identifier; }
/// <inheritdoc /> protected override bool OnSendInMessage(Message message) { switch (message.Type) { case MessageTypes.Reset: { _lastMyTradeId = 0; _lastTimeBalanceCheck = null; if (_httpClient != null) { try { _httpClient.Dispose(); } catch (Exception ex) { SendOutError(ex); } _httpClient = null; } if (_pusherClient != null) { try { UnsubscribePusherClient(); _pusherClient.Disconnect(); } catch (Exception ex) { SendOutError(ex); } _pusherClient = null; } SendOutMessage(new ResetMessage()); break; } case MessageTypes.Connect: { if (this.IsTransactional()) { if (!AuthV2 && ClientId.IsEmpty()) { throw new InvalidOperationException(LocalizedStrings.Str3835); } if (Key.IsEmpty()) { throw new InvalidOperationException(LocalizedStrings.Str3689); } if (Secret.IsEmpty()) { throw new InvalidOperationException(LocalizedStrings.Str3690); } } #if !IGNORE_LICENSE var msg = "Crypto".ValidateLicense(component: GetType().Assembly); if (!msg.IsEmpty()) { msg = nameof(BitStamp).ValidateLicense(component: GetType().Assembly); if (!msg.IsEmpty()) { throw new InvalidOperationException(msg); } } #endif if (_httpClient != null) { throw new InvalidOperationException(LocalizedStrings.Str1619); } if (_pusherClient != null) { throw new InvalidOperationException(LocalizedStrings.Str1619); } _httpClient = new HttpClient(ClientId, Key, Secret, AuthV2) { Parent = this }; _pusherClient = new PusherClient { Parent = this }; SubscribePusherClient(); _pusherClient.Connect(); break; } case MessageTypes.Disconnect: { if (_httpClient == null) { throw new InvalidOperationException(LocalizedStrings.Str1856); } if (_pusherClient == null) { throw new InvalidOperationException(LocalizedStrings.Str1856); } _httpClient.Dispose(); _httpClient = null; _pusherClient.Disconnect(); break; } case MessageTypes.PortfolioLookup: { ProcessPortfolioLookup((PortfolioLookupMessage)message); break; } case MessageTypes.OrderStatus: { ProcessOrderStatus((OrderStatusMessage)message); break; } case MessageTypes.OrderRegister: { ProcessOrderRegister((OrderRegisterMessage)message); break; } case MessageTypes.OrderCancel: { ProcessOrderCancel((OrderCancelMessage)message); break; } case MessageTypes.OrderGroupCancel: { ProcessOrderGroupCancel((OrderGroupCancelMessage)message); break; } case MessageTypes.Time: { if (_orderInfo.Count > 0) { ProcessOrderStatus(null); ProcessPortfolioLookup(null); } if (BalanceCheckInterval > TimeSpan.Zero && (_lastTimeBalanceCheck == null || (CurrentTime - _lastTimeBalanceCheck) > BalanceCheckInterval)) { ProcessPortfolioLookup(null); } _pusherClient?.ProcessPing(); //ProcessLevel1(); break; } case MessageTypes.SecurityLookup: { ProcessSecurityLookup((SecurityLookupMessage)message); break; } case MessageTypes.MarketData: { ProcessMarketData((MarketDataMessage)message); break; } default: return(false); } return(true); }
/// <summary> /// Retrieves the secret value, based on the given name /// </summary> /// <param name="secretName">The name of the secret key</param> /// <param name="ignoreCache">Indicates if the cache should be used or skipped</param> /// <returns>Returns a <see cref="Task{TResult}"/> that contains the secret key</returns> /// <exception cref="ArgumentException">The name must not be empty</exception> /// <exception cref="ArgumentNullException">The name must not be null</exception> /// <exception cref="SecretNotFoundException">The secret was not found, using the given name</exception> public async Task <string> GetRawSecretAsync(string secretName, bool ignoreCache) { Secret secret = await GetSecretAsync(secretName, ignoreCache); return(secret?.Value); }
public void ProcessRequest(HttpContext c) { var v = c.Request.QueryString["v"].ToLower().Replace("/", "."); var t = int.Parse(c.Request.QueryString["t"]); var data = (byte[])null; XFace face = null; var assb = Assembly.Load("X.App"); try { face = assb.CreateInstance(String.Format("X.App.{0}.{1}", (t == 1 ? "Views" : "Apis"), v)) as XFace; if (face == null) { throw new XExcep((t == 1 ? "0x0001" : "0x0002"), v); } face.Init(c); data = face.GetResponse(); } catch (XExcep fe) { var rsp = new XResp(fe.ErrCode, fe.ErrMsg); if (t == 1) { var view = assb.CreateInstance(String.Format("X.App.Views.{0}.err", v.Split('.')[0])) as Views.View; if (view == null) { view = assb.CreateInstance("X.App.Views.com.err") as Views.View; } view.Init(c); view.dict.Add("rsp", rsp); view.dict.Add("backurl", Secret.ToBase64(c.Request.RawUrl)); data = view.GetResponse(); } else { data = Encoding.UTF8.GetBytes(Serialize.ToJson(rsp)); } if (fe.ErrCode != "0x0001") { Loger.Error(Serialize.ToJson(rsp)); } } catch (Exception ex) { if (ex is ThreadAbortException) { return; } var resp = new XResp(Guid.NewGuid().ToString(), ex.Message); data = Encoding.UTF8.GetBytes(Serialize.ToJson(resp)); Loger.Fatal(GetType(), ex); } if (data != null) { c.Response.Clear(); c.Response.ContentEncoding = Encoding.UTF8; c.Response.OutputStream.Write(data, 0, data.Length); c.Response.End(); } }