Exemple #1
0
 public SecretServerLibraryCard(Secret secret)
 {
     SecretName = secret.Name;
     Library = secret.Items.First(item => item.FieldName.ToLower() == "library").Value;
     CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "card number").Value;
     Pin = secret.Items.First(item => item.FieldName.ToLower() == "pin").Value;
 }
Exemple #2
0
 public SecretServerSocialSecurityNumber(Secret secret)
 {
     SecretName = secret.Name;
     Name = secret.Items.First(item => item.FieldName.ToLower() == "name").Value;
     Ssn = secret.Items.First(item => item.FieldName.ToLower() == "ssn").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #3
0
 public static string CreateSecret(Session session, string value)
 {
     Secret secret = new Secret();
     secret.value = value;
     XenRef<Secret> secretRef = Secret.create(session, secret);
     return Secret.get_uuid(session, secretRef.opaque_ref);
 }
Exemple #4
0
 public SecretServerWifiKey(Secret secret)
 {
     SecretName = secret.Name;
     Ssid = secret.Items.First(item => item.FieldName.ToLower() == "ssid").Value;
     KeyType = secret.Items.First(item => item.FieldName.ToLower() == "key type").Value;
     Key = secret.Items.First(item => item.FieldName.ToLower() == "key").Value;
 }
Exemple #5
0
 public SecretServerCertificate(Secret secret)
 {
     SecretName = secret.Name;
     Name = secret.Items.First(item => item.FieldName.ToLower() == "name").Value;
     File = string.Format("https://secretserveronline.com/SecretView.aspx?secretid={0}", secret.Id);
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #6
0
        public void Encrypt_KnownKey()
        {
            // Arrange
            Secret kdk = new Secret(Encoding.UTF8.GetBytes("master key"));
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                symmetricAlgorithmFactory: Aes.Create,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                validationAlgorithmFactory: () => new HMACSHA256(),
                genRandom: new SequentialGenRandom());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }, 2, 3);
            ArraySegment<byte> aad = new ArraySegment<byte>(new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }, 1, 4);

            // Act
            byte[] retVal = encryptor.Encrypt(
                plaintext: plaintext,
                additionalAuthenticatedData: aad);

            // Assert

            // retVal := 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F (keyModifier)
            //         | 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F (IV)
            //         | B7 EA 3E 32 58 93 A3 06 03 89 C6 66 03 63 08 4B (encryptedData)
            //         | 9D 8A 85 C7 0F BD 98 D8 7F 72 E7 72 3E B5 A6 26 (HMAC)
            //         | 6C 38 77 F7 66 19 A2 C9 2C BB AD DA E7 62 00 00

            string retValAsString = Convert.ToBase64String(retVal);
            Assert.Equal("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh+36j4yWJOjBgOJxmYDYwhLnYqFxw+9mNh/cudyPrWmJmw4d/dmGaLJLLut2udiAAA=", retValAsString);
        }
Exemple #7
0
        public ManagedAuthenticatedEncryptor(Secret keyDerivationKey, Func<SymmetricAlgorithm> symmetricAlgorithmFactory, int symmetricAlgorithmKeySizeInBytes, Func<KeyedHashAlgorithm> validationAlgorithmFactory, IManagedGenRandom genRandom = null)
        {
            _genRandom = genRandom ?? ManagedGenRandomImpl.Instance;
            _keyDerivationKey = keyDerivationKey;

            // Validate that the symmetric algorithm has the properties we require
            using (var symmetricAlgorithm = symmetricAlgorithmFactory())
            {
                _symmetricAlgorithmFactory = symmetricAlgorithmFactory;
                _symmetricAlgorithmBlockSizeInBytes = symmetricAlgorithm.GetBlockSizeInBytes();
                _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes;
            }

            // Validate that the MAC algorithm has the properties we require
            using (var validationAlgorithm = validationAlgorithmFactory())
            {
                _validationAlgorithmFactory = validationAlgorithmFactory;
                _validationAlgorithmDigestLengthInBytes = validationAlgorithm.GetDigestSizeInBytes();
                _validationAlgorithmSubkeyLengthInBytes = _validationAlgorithmDigestLengthInBytes; // for simplicity we'll generate MAC subkeys with a length equal to the digest length
            }

            // Argument checking on the algorithms and lengths passed in to us
            AlgorithmAssert.IsAllowableSymmetricAlgorithmBlockSize(checked((uint)_symmetricAlgorithmBlockSizeInBytes * 8));
            AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked((uint)_symmetricAlgorithmSubkeyLengthInBytes * 8));
            AlgorithmAssert.IsAllowableValidationAlgorithmDigestSize(checked((uint)_validationAlgorithmDigestLengthInBytes * 8));

            _contextHeader = CreateContextHeader();
        }
Exemple #8
0
        public void Encrypt_KnownKey()
        {
            // Arrange
            Secret kdk = new Secret(Encoding.UTF8.GetBytes("master key"));
            GcmAuthenticatedEncryptor encryptor = new GcmAuthenticatedEncryptor(kdk, CachedAlgorithmHandles.AES_GCM, symmetricAlgorithmKeySizeInBytes: 128 / 8, genRandom: new SequentialGenRandom());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }, 2, 3);
            ArraySegment<byte> aad = new ArraySegment<byte>(new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }, 1, 4);

            // Act
            byte[] retVal = encryptor.Encrypt(
                plaintext: plaintext,
                additionalAuthenticatedData: aad,
                preBufferSize: 3,
                postBufferSize: 4);

            // Assert

            // retVal := 00 00 00 (preBuffer)
            //         | 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F (keyModifier)
            //         | 10 11 12 13 14 15 16 17 18 19 1A 1B (nonce)
            //         | 43 B6 91 (encryptedData)
            //         | 8D 0D 66 D9 A1 D9 44 2D 5D 8E 41 DA 39 60 9C E8 (authTag)
            //         | 00 00 00 00 (postBuffer)

            string retValAsString = Convert.ToBase64String(retVal);
            Assert.Equal("AAAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaG0O2kY0NZtmh2UQtXY5B2jlgnOgAAAAA", retValAsString);
        }
Exemple #9
0
 public SecretServerLicenseKey(Secret secret)
 {
     SecretName = secret.Name;
     SoftwareName = secret.Items.First(item => item.FieldName.ToLower() == "software name").Value;
     LicenseKey = secret.Items.First(item => item.FieldName.ToLower() == "license key").Value;
     File = string.Format("https://secretserveronline.com/SecretView.aspx?secretid={0}", secret.Id);
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #10
0
 public SecretServerPassword(Secret secret)
 {
     SecretName = secret.Name;
     Resource = secret.Items.First(item => item.FieldName.ToLower() == "server").Value;
     Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value;
     Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #11
0
 public SecretServerActiveDirectory(Secret secret)
 {
     SecretName = secret.Name;
     Domain = secret.Items.First(item => item.FieldName.ToLower() == "domain").Value;
     Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value;
     Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #12
0
 public SecretServerProductLicenseKey(Secret secret)
 {
     SecretName = secret.Name;
     LicensedTo = secret.Items.First(item => item.FieldName.ToLower() == "licensed to").Value;
     ProductName = secret.Items.First(item => item.FieldName.ToLower() == "product name").Value;
     LicenseKey = secret.Items.First(item => item.FieldName.ToLower() == "license key").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #13
0
 public SecretServerWindowsAccount(Secret secret)
 {
     SecretName = secret.Name;
     Machine = secret.Items.First(item => item.FieldName.ToLower() == "machine").Value;
     Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value;
     Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #14
0
 public SecretServerRemoteDesktopAccount(Secret secret)
 {
     SecretName = secret.Name;
     Computer = secret.Items.First(item => item.FieldName.ToLower() == "computer").Value;
     Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value;
     Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value;
     Domain = secret.Items.First(item => item.FieldName.ToLower() == "domain").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #15
0
 public SecretServerEmailAccount(Secret secret)
 {
     SecretName = secret.Name;
     EmailAddress = secret.Items.First(item => item.FieldName.ToLower() == "email address").Value;
     IncomingServer = secret.Items.First(item => item.FieldName.ToLower() == "incoming server").Value;
     OutgoingServer = secret.Items.First(item => item.FieldName.ToLower() == "outgoing server").Value;
     Username = secret.Items.First(item => item.FieldName.ToLower() == "username").Value;
     Password = secret.Items.First(item => item.FieldName.ToLower() == "password").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #16
0
 public SecretServerCreditCard(Secret secret)
 {
     SecretName = secret.Name;
     FullName = secret.Items.First(item => item.FieldName.ToLower() == "fullname").Value;
     CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "number").Value;
     ExpirationDate = secret.Items.First(item => item.FieldName.ToLower() == "expirationdate").Value;
     SecurityCode = secret.Items.First(item => item.FieldName.ToLower() == "securitycode").Value;
     CardType = secret.Items.First(item => item.FieldName.ToLower() == "cardtype").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #17
0
 public GcmAuthenticatedEncryptor(Secret keyDerivationKey, BCryptAlgorithmHandle symmetricAlgorithmHandle, uint symmetricAlgorithmKeySizeInBytes, IBCryptGenRandom genRandom = null)
 {
     // Is the key size appropriate?
     AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked(symmetricAlgorithmKeySizeInBytes * 8));
     CryptoUtil.Assert(symmetricAlgorithmHandle.GetCipherBlockLength() == 128 / 8, "GCM requires a block cipher algorithm with a 128-bit block size.");
     
     _genRandom = genRandom ?? BCryptGenRandomImpl.Instance;
     _sp800_108_ctr_hmac_provider = SP800_108_CTR_HMACSHA512Util.CreateProvider(keyDerivationKey);
     _symmetricAlgorithmHandle = symmetricAlgorithmHandle;
     _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes;
     _contextHeader = CreateContextHeader();
 }
Exemple #18
0
 public SecretServerBankAccount(Secret secret)
 {
     SecretName = secret.Name;
     AccountNumber = secret.Items.First(item => item.FieldName.ToLower() == "bankaccountnumber").Value;
     RoutingNumber = secret.Items.First(item => item.FieldName.ToLower() == "transitroutingnumber").Value;
     BankName = secret.Items.First(item => item.FieldName.ToLower() == "nameofbank").Value;
     Address1 = secret.Items.First(item => item.FieldName.ToLower() == "address1").Value;
     Address2 = secret.Items.First(item => item.FieldName.ToLower() == "address2").Value;
     Address3 = secret.Items.First(item => item.FieldName.ToLower() == "address3").Value;
     ContactPerson = secret.Items.First(item => item.FieldName.ToLower() == "contactperson").Value;
     ContactPhone = secret.Items.First(item => item.FieldName.ToLower() == "contactphone").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #19
0
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            GcmAuthenticatedEncryptor encryptor = new GcmAuthenticatedEncryptor(kdk, CachedAlgorithmHandles.AES_GCM, symmetricAlgorithmKeySizeInBytes: 256 / 8);
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));

            // Act
            byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
            byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);

            // Assert
            Assert.Equal(plaintext, decipheredtext);
        }
Exemple #20
0
        internal SecretIdentityItem(Secret secret)
        {
            if (secret == null)
                throw new ArgumentNullException("secret");
            if (secret.Attributes == null)
                throw new ArgumentException(KeyVaultProperties.Resources.InvalidSecretAttributes);

            SetObjectIdentifier(secret);

            Enabled = secret.Attributes.Enabled;
            Expires = secret.Attributes.Expires;
            NotBefore = secret.Attributes.NotBefore;
            Created = secret.Attributes.Created;
            Updated = secret.Attributes.Updated;
            Tags = secret.Attributes.Tags;
        }
Exemple #21
0
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                symmetricAlgorithmFactory: Aes.Create,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));

            // Act
            byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
            byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);

            // Assert
            Assert.Equal(plaintext, decipheredtext);
        }
Exemple #22
0
        public CbcAuthenticatedEncryptor(Secret keyDerivationKey, BCryptAlgorithmHandle symmetricAlgorithmHandle, uint symmetricAlgorithmKeySizeInBytes, BCryptAlgorithmHandle hmacAlgorithmHandle, IBCryptGenRandom genRandom = null)
        {
            _genRandom = genRandom ?? BCryptGenRandomImpl.Instance;
            _sp800_108_ctr_hmac_provider = SP800_108_CTR_HMACSHA512Util.CreateProvider(keyDerivationKey);
            _symmetricAlgorithmHandle = symmetricAlgorithmHandle;
            _symmetricAlgorithmBlockSizeInBytes = symmetricAlgorithmHandle.GetCipherBlockLength();
            _symmetricAlgorithmSubkeyLengthInBytes = symmetricAlgorithmKeySizeInBytes;
            _hmacAlgorithmHandle = hmacAlgorithmHandle;
            _hmacAlgorithmDigestLengthInBytes = hmacAlgorithmHandle.GetHashDigestLength();
            _hmacAlgorithmSubkeyLengthInBytes = _hmacAlgorithmDigestLengthInBytes; // for simplicity we'll generate HMAC subkeys with a length equal to the digest length

            // Argument checking on the algorithms and lengths passed in to us
            AlgorithmAssert.IsAllowableSymmetricAlgorithmBlockSize(checked(_symmetricAlgorithmBlockSizeInBytes * 8));
            AlgorithmAssert.IsAllowableSymmetricAlgorithmKeySize(checked(_symmetricAlgorithmSubkeyLengthInBytes * 8));
            AlgorithmAssert.IsAllowableValidationAlgorithmDigestSize(checked(_hmacAlgorithmDigestLengthInBytes * 8));

            _contextHeader = CreateContextHeader();
        }
Exemple #23
0
        public void Encrypt_Decrypt_Tampering_Fails()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                symmetricAlgorithmFactory: Aes.Create,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));
            byte[] validCiphertext = encryptor.Encrypt(plaintext, aad);

            // Act & assert - 1
            // Ciphertext is too short to be a valid payload
            byte[] invalidCiphertext_tooShort = new byte[10];
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad);
            });

            // Act & assert - 2
            // Ciphertext has been manipulated
            byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone();
            invalidCiphertext_manipulated[0] ^= 0x01;
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad);
            });

            // Act & assert - 3
            // Ciphertext is too long
            byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray();
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad);
            });

            // Act & assert - 4
            // AAD is incorrect
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad")));
            });
        }
Exemple #24
0
 // Creates a provider from the given secret.
 public static ISP800_108_CTR_HMACSHA512Provider CreateProvider(Secret kdk)
 {
     uint secretLengthInBytes = checked((uint)kdk.Length);
     if (secretLengthInBytes == 0)
     {
         return CreateEmptyProvider();
     }
     else
     {
         fixed (byte* pbPlaintextSecret = new byte[secretLengthInBytes])
         {
             try
             {
                 kdk.WriteSecretIntoBuffer(pbPlaintextSecret, checked((int)secretLengthInBytes));
                 return CreateProvider(pbPlaintextSecret, secretLengthInBytes);
             }
             finally
             {
                 UnsafeBufferUtil.SecureZeroMemory(pbPlaintextSecret, secretLengthInBytes);
             }
         }
     }
 }
Exemple #25
0
        protected override void ProcessRecord()
        {
            Secret[] secrets;

            switch (this.ParameterSetName)
            {
            case ParameterSetNames.SecretObjects:
                secrets = this.Secret;
                break;

            case ParameterSetNames.SingleInsecureSecret:
                secrets = new Secret[]
                {
                    new Secret()
                    {
                        Name    = this.Name,
                        Version = this.Version,
                        Value   = ToSecureString(this.InsecureValue)
                    }
                };
                break;

            case ParameterSetNames.SingleSecureSecret:
                secrets = new Secret[]
                {
                    new Secret()
                    {
                        Name    = this.Name,
                        Version = this.Version,
                        Value   = this.SecureValue
                    }
                };
                break;

            default:
                throw new InvalidPowerShellStateException(string.Format("Invalid parameter set name '{0}'.", this.ParameterSetName));
            }

            var clusterConnection = this.GetClusterConnection();

            try
            {
                var result = clusterConnection.SetSecretsAsync(
                    secrets,
                    this.GetTimeout(),
                    this.GetCancellationToken()).Result;

                this.WriteObject(result);
            }
            catch (AggregateException aggregateException)
            {
                aggregateException.Handle((ae) =>
                {
                    this.ThrowTerminatingError(
                        ae,
                        "SetSecretsErrorId",
                        clusterConnection);
                    return(true);
                });
            }
            catch (Exception ex)
            {
                this.ThrowTerminatingError(
                    ex,
                    "SetSecretsErrorId",
                    clusterConnection);
            }
        }
Exemple #26
0
 public SecretServerRewardsCard(Secret secret)
 {
     SecretName = secret.Name;
     CardNumber = secret.Items.First(item => item.FieldName.ToLower() == "cardnumber").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #27
0
 public SecretServerKeyFile(Secret secret)
 {
     SecretName = secret.Name;
     Key = secret.Items.First(item => item.FieldName.ToLower() == "key").Value;
 }
Exemple #28
0
        public CrayonApiClientResult <Secret> Create(string token, Secret secret)
        {
            var uri = "/api/v1/secrets/";

            return(_client.Post <Secret>(token, uri, secret));
        }
Exemple #29
0
 /// <summary>
 /// Dispose
 /// </summary>
 public void Dispose()
 {
     Key?.Dispose();
     Secret?.Dispose();
     PrivateKey?.Dispose();
 }
Exemple #30
0
        public void runUpload(System.Threading.CancellationToken serviceStop)
        {
            DateTime startTime   = DateTime.UtcNow;
            string   uploadToken = "";
            Session  session     = new Session(connection.Hostname, 80);

            session.APIVersion = API_Version.LATEST;

            try
            {
                session.login_with_password(connection.Username, connection.Password);
                connection.LoadCache(session);
                var pool = Helpers.GetPoolOfOne(connection);
                if (pool != null)
                {
                    try
                    {
                        string opaqueref = Secret.get_by_uuid(session, pool.CallHomeSettings.UploadTokenSecretUuid);
                        uploadToken = Secret.get_value(session, opaqueref);
                    }
                    catch (Exception e)
                    {
                        log.Error("Exception getting the upload token from the xapi secret", e);
                        uploadToken = null;
                    }
                }

                if (string.IsNullOrEmpty(uploadToken))
                {
                    if (session != null)
                    {
                        session.logout();
                    }
                    session = null;
                    log.ErrorFormat("The upload token is not retrieved for {0}", connection.Hostname);
                    updateCallHomeSettings(false, startTime);
                    server.task = null;
                    ServerListHelper.instance.UpdateServerInfo(server);
                    return;
                }
            }
            catch (Exception e)
            {
                if (session != null)
                {
                    session.logout();
                }
                session = null;
                log.Error(e, e);
                updateCallHomeSettings(false, startTime);
                server.task = null;
                ServerListHelper.instance.UpdateServerInfo(server);
                return;
            }

            try
            {
                CancellationTokenSource cts    = new CancellationTokenSource();
                Func <string>           upload = delegate()
                {
                    try
                    {
                        return(bundleUpload(connection, session, uploadToken, cts.Token));
                    }
                    catch (OperationCanceledException)
                    {
                        return("");
                    }
                };
                System.Threading.Tasks.Task <string> task = new System.Threading.Tasks.Task <string>(upload);
                task.Start();

                // Check if the task runs to completion before timeout.
                for (int i = 0; i < TIMEOUT; i += INTERVAL)
                {
                    // If the task finishes, set CallHomeSettings accordingly.
                    if (task.IsCompleted || task.IsCanceled || task.IsFaulted)
                    {
                        if (task.Status == System.Threading.Tasks.TaskStatus.RanToCompletion)
                        {
                            string upload_uuid = task.Result;
                            if (!string.IsNullOrEmpty(upload_uuid))
                            {
                                updateCallHomeSettings(true, startTime, upload_uuid);
                            }
                            else
                            {
                                updateCallHomeSettings(false, startTime);
                            }
                        }
                        else
                        {
                            updateCallHomeSettings(false, startTime);
                        }

                        server.task = null;
                        ServerListHelper.instance.UpdateServerInfo(server);
                        return;
                    }

                    // If the main thread (XenServerHealthCheckService) stops,
                    // set the cancel token to notify the working task to return.
                    if (serviceStop.IsCancellationRequested)
                    {
                        cts.Cancel();
                        updateCallHomeSettings(false, startTime);
                        task.Wait();
                        server.task = null;
                        ServerListHelper.instance.UpdateServerInfo(server);
                        return;
                    }

                    System.Threading.Thread.Sleep(INTERVAL);
                }

                // The task has run for 24h, cancel the task and mark it as a failure upload.
                cts.Cancel();
                updateCallHomeSettings(false, startTime);
                task.Wait();
                server.task = null;
                ServerListHelper.instance.UpdateServerInfo(server);
                return;
            }
            catch (Exception e)
            {
                if (session != null)
                {
                    session.logout();
                }
                session = null;
                log.Error(e, e);
                server.task = null;
                ServerListHelper.instance.UpdateServerInfo(server);
            }
        }
Exemple #31
0
        static void Main(string[] args)
        {
            KeyBundle keyBundle  = null; // The key specification and attributes
            Secret    secret     = null;
            string    keyName    = string.Empty;
            string    secretName = string.Empty;

            inputValidator = new InputValidator(args);

            TracingAdapter.AddTracingInterceptor(new ConsoleTracingInterceptor());
            TracingAdapter.IsEnabled = inputValidator.GetTracingEnabled();

            var clientId = ConfigurationManager.AppSettings["AuthClientId"];

            var cerificateThumbprint = ConfigurationManager.AppSettings["AuthCertThumbprint"];

            var certificate   = FindCertificateByThumbprint(cerificateThumbprint);
            var assertionCert = new ClientAssertionCertificate(clientId, certificate);

            keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
                                                    (authority, resource, scope) => GetAccessToken(authority, resource, scope, assertionCert)),
                                                GetHttpClient());

            // SECURITY: DO NOT USE IN PRODUCTION CODE; FOR TEST PURPOSES ONLY
            //ServicePointManager.ServerCertificateValidationCallback += ( sender, cert, chain, sslPolicyErrors ) => true;

            List <KeyOperationType> successfulOperations = new List <KeyOperationType>();
            List <KeyOperationType> failedOperations     = new List <KeyOperationType>();

            foreach (var operation in inputValidator.GetKeyOperations())
            {
                try
                {
                    Console.Out.WriteLine(string.Format("\n\n {0} is in process ...", operation.ToString()));
                    switch (operation)
                    {
                    case KeyOperationType.CREATE_KEY:
                        keyBundle = CreateKey(keyBundle, out keyName);
                        break;

                    case KeyOperationType.IMPORT_KEY:
                        keyBundle = ImportKey(out keyName);
                        break;

                    case KeyOperationType.GET_KEY:
                        keyBundle = GetKey(keyBundle);
                        break;

                    case KeyOperationType.LIST_KEYVERSIONS:
                        ListKeyVersions(keyName);
                        break;

                    case KeyOperationType.UPDATE_KEY:
                        keyBundle = UpdateKey(keyName);
                        break;

                    case KeyOperationType.DELETE_KEY:
                        DeleteKey(keyName);
                        break;

                    case KeyOperationType.BACKUP_RESTORE:
                        keyBundle = BackupRestoreKey(keyName);
                        break;

                    case KeyOperationType.SIGN_VERIFY:
                        SignVerify(keyBundle);
                        break;

                    case KeyOperationType.ENCRYPT_DECRYPT:
                        EncryptDecrypt(keyBundle);
                        break;

                    case KeyOperationType.ENCRYPT:
                        Encrypt(keyBundle);
                        break;

                    case KeyOperationType.DECRYPT:
                        Decrypt(keyBundle);
                        break;

                    case KeyOperationType.WRAP_UNWRAP:
                        WrapUnwrap(keyBundle);
                        break;

                    case KeyOperationType.CREATE_SECRET:
                        secret = CreateSecret(out secretName);
                        break;

                    case KeyOperationType.GET_SECRET:
                        secret = GetSecret(secret.Id);
                        break;

                    case KeyOperationType.LIST_SECRETS:
                        ListSecrets();
                        break;

                    case KeyOperationType.DELETE_SECRET:
                        secret = DeleteSecret(secretName);
                        break;
                    }
                    successfulOperations.Add(operation);
                }
                catch (KeyVaultClientException exception)
                {
                    // The Key Vault exceptions are logged but not thrown to avoid blocking execution for other commands running in batch
                    Console.Out.WriteLine("Operation failed: {0}", exception.Message);
                    failedOperations.Add(operation);
                }
            }

            Console.Out.WriteLine("\n\n---------------Successful Key Vault operations:---------------");
            foreach (KeyOperationType type in successfulOperations)
            {
                Console.Out.WriteLine("\t{0}", type);
            }

            if (failedOperations.Count > 0)
            {
                Console.Out.WriteLine("\n\n---------------Failed Key Vault operations:---------------");
                foreach (KeyOperationType type in failedOperations)
                {
                    Console.Out.WriteLine("\t{0}", type);
                }
            }

            Console.Out.WriteLine();
            Console.Out.Write("Press enter to continue . . .");
            Console.In.Read();
        }
Exemple #32
0
        /// <summary>
        /// Builds a full connection string with access key included and returns as a <see cref="Microsoft.AdvocacyPlatform.Contracts.Secret"/>.
        /// </summary>
        /// <param name="storageConnectionString">The data store connection string.</param>
        /// <param name="storageAccessKey">The access key for the data store.</param>
        /// <returns>The full connection string as a <see cref="Microsoft.AdvocacyPlatform.Contracts.Secret"/>.</returns>
        public static Secret GetFullStorageConnectionString(string storageConnectionString, Secret storageAccessKey)
        {
            StringBuilder connectionStringBuilder = new StringBuilder(storageConnectionString);

            if (!storageConnectionString.EndsWith(";"))
            {
                connectionStringBuilder = connectionStringBuilder.Append(";");
            }

            connectionStringBuilder.Append("SharedAccessSignature=");

            SecureString securedString = new SecureString();

            foreach (char character in connectionStringBuilder.ToString())
            {
                securedString.AppendChar(character);
            }

            foreach (char character in storageAccessKey.Value)
            {
                securedString.AppendChar(character);
            }

            securedString.MakeReadOnly();

            return(new Secret(storageAccessKey.Identifier, securedString));
        }
Exemple #33
0
        private async Task <TargetUri> CreatePersonalAccessTokenRequestUri(TargetUri targetUri, Secret authorization, bool requireCompactToken)
        {
            const string SessionTokenUrl = "_apis/token/sessiontokens?api-version=1.0";
            const string CompactTokenUrl = SessionTokenUrl + "&tokentype=compact";

            if (targetUri is null)
            {
                throw new ArgumentNullException(nameof(targetUri));
            }
            if (authorization is null)
            {
                throw new ArgumentNullException(nameof(authorization));
            }

            var idenityServiceUri = await GetIdentityServiceUri(targetUri, authorization);

            if (idenityServiceUri is null)
            {
                throw new LocationServiceException($"Failed to find Identity Service for `{targetUri}`.");
            }

            string url = idenityServiceUri.ToString();

            url += requireCompactToken
                ? CompactTokenUrl
                : SessionTokenUrl;

            var requestUri = new Uri(url, UriKind.Absolute);

            return(targetUri.CreateWith(requestUri));
        }
Exemple #34
0
        internal async Task <bool> ValidateSecret(TargetUri targetUri, Secret secret)
        {
            const string AnonymousUserPattern = @"""properties""\s*:\s*{\s*""Account""\s*:\s*{\s*""\$type""\s*:\s*""System.String""\s*,\s*""\$value""\s*:\s*""Anonymous""}\s*}";

            if (targetUri is null)
            {
                throw new ArgumentNullException(nameof(targetUri));
            }

            if (secret is null)
            {
                return(false);
            }

            // Create an request to the Azure DevOps deployment data end-point.
            var requestUri = GetConnectionDataUri(targetUri);
            var options    = new NetworkRequestOptions(true)
            {
                Authorization   = secret,
                CookieContainer = new CookieContainer(),
            };

            try
            {
                // Send the request and wait for the response.
                using (var response = await Network.HttpGetAsync(requestUri, options))
                {
                    HttpStatusCode statusCode = response.StatusCode;
                    string         content    = response?.Content?.AsString;

                    // If the server responds with content, and said content matches the anonymous details the credentials are invalid.
                    if (content != null && Regex.IsMatch(content, AnonymousUserPattern, RegexOptions.CultureInvariant | RegexOptions.IgnoreCase))
                    {
                        Trace.WriteLine($"credential validation for '{targetUri}' failed.");

                        return(false);
                    }

                    // If the service responded with a 2XX status code the credentials are valid.
                    if (statusCode >= HttpStatusCode.OK && statusCode < HttpStatusCode.Ambiguous)
                    {
                        return(true);
                    }

                    Trace.WriteLine($"credential validation for '{targetUri}' failed [{(int)response.StatusCode}].");

                    // Even if the service responded, if the issue isn't a 400 class response then the credentials were likely not rejected.
                    if (statusCode < HttpStatusCode.BadRequest || statusCode >= HttpStatusCode.InternalServerError)
                    {
                        return(true);
                    }
                }
            }
            catch (HttpRequestException exception)
            {
                // Since we're unable to invalidate the credentials, return optimistic results.
                // This avoid credential invalidation due to network instability, etc.
                Trace.WriteLine($"unable to validate credentials for '{targetUri}', failure occurred before server could respond.");
                Trace.WriteException(exception);

                return(true);
            }
            catch (Exception exception)
            {
                Trace.WriteLine($"credential validation for '{targetUri}' failed.");
                Trace.WriteException(exception);

                return(false);
            }

            Trace.WriteLine($"credential validation for '{targetUri}' failed.");
            return(false);
        }
Exemple #35
0
 /// <exclude/>
 public override int GetHashCode()
 {
     return(((Key != null) ? Key.GetHashCode() : 0) ^ ((Secret != null) ? Secret.GetHashCode() : 0));
 }
Exemple #36
0
        public static IEnumerable <Client> GetClients()
        {
            var secret = new Secret {
                Value = "Password123!".Sha256()
            };

            return(new List <Client>
            {
                new Client
                {
                    ClientId = "authorizationCodeClient2",
                    ClientName = "Authorization Code Client",
                    ClientSecrets = new List <Secret> {
                        secret
                    },
                    Enabled = true,
                    AllowedGrantTypes = new List <string> {
                        "authorization_code"
                    },                                                         //DELTA //IdentityServer3 wanted Flow = Flows.AuthorizationCode,
                    RequireConsent = true,
                    AllowRememberConsent = true,
                    RedirectUris =
                        new List <string> {
                        "https://www.getpostman.com/oauth2/callback"
                    },
                    AllowedCorsOrigins =
                        new List <string> {
                        "https://www.getpostman.com/"
                    },
                    PostLogoutRedirectUris =
                        new List <string> {
                        "https://www.getpostman.com/oauth2/callback"
                    },
                    AllowedScopes = new List <string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        "customAPI.read"
                    },
                    AccessTokenType = AccessTokenType.Jwt,
                    AllowOfflineAccess = true
                },

                new Client {
                    ClientId = "oauthClient",
                    ClientName = "Example Client Credentials Client Application",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets = new List <Secret> {
                        new Secret("Password123!".Sha256())
                    },
                    AllowedScopes = new List <string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        "customAPI.read"
                    }
                }
            });
        }
Exemple #37
0
 public SdkOptions(string workflowId, Secret secret) : base(null, secret)
 {
     this.WorkflowId = workflowId;
 }
Exemple #38
0
        private string CreateSecret(Session session, string username, string password)
        {
            string val = string.Format("{0}{1}{2}", username, CREDENTIALS_SEPARATOR, password);

            return(Secret.CreateSecret(session, val));
        }
Exemple #39
0
 protected override Task <Key> OnRotateSecretAsync(Secret secret, CancellationToken token)
 {
     throw new NotImplementedException();
 }
Exemple #40
0
 public SecretImportanceChangedEvent(Secret changedImportanceSecret)
 {
     _changedImportanceSecret = changedImportanceSecret;
 }
Exemple #41
0
 public SecretServerPin(Secret secret)
 {
     SecretName = secret.Name;
     PinCode = secret.Items.First(item => item.FieldName.ToLower() == "pincode").Value;
     Notes = secret.Items.First(item => item.FieldName.ToLower() == "notes").Value;
 }
Exemple #42
0
 public BeforeSpellTriggerInfo(Secret cast)
 {
     spell_cast = cast;
 }
Exemple #43
0
        public async Task<IActionResult> AddClientSecret(NewClientSecretViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return RedirectToAction("EditClient", new { siteId = model.SiteId, clientId = model.ClientId });
            }

            Guid siteId = siteManager.CurrentSite.Id;
            if (!string.IsNullOrEmpty(model.SiteId) && model.SiteId.Length == 36)
            {
                siteId = new Guid(model.SiteId);
            }
            var selectedSite = await siteManager.GetSiteForDataOperations(siteId);

            var client = await clientsManager.FetchClient(selectedSite.Id.ToString(), model.ClientId);
            if (client == null)
            {
                this.AlertDanger(sr["Invalid request, client not found."], true);
                return RedirectToAction("Index");
            }

            var secret = new Secret(model.Value, model.Description, model.Expiration);
            secret.Type = model.Type;

            if (client.ClientSecrets.Contains(secret))
            {
                this.AlertDanger(sr["Client already has a secret with that value."], true);
                return RedirectToAction("EditClient", new { siteId = selectedSite.Id.ToString(), clientId = model.ClientId });
            }
            client.ClientSecrets.Add(secret);

            await clientsManager.UpdateClient(selectedSite.Id.ToString(), client);

            this.AlertSuccess(sr["The Secret was successfully added."], true);

            return RedirectToAction("EditClient", new { siteId = selectedSite.Id.ToString(), clientId = model.ClientId });
        }
Exemple #44
0
 public override int GetHashCode()
 {
     return(Secret?.GetHashCode() ?? 0);
 }
Exemple #45
0
 internal static global::System.Runtime.InteropServices.HandleRef getCPtr(Secret obj)
 {
     return((obj == null) ? new global::System.Runtime.InteropServices.HandleRef(null, global::System.IntPtr.Zero) : obj.swigCPtr);
 }
Exemple #46
0
        /// <summary>
        /// Get the persisted secret from the server, or prompt for new credentials and persist those back to the server.
        /// Completion of this thread is indicated by state.Credentials being set.
        /// </summary>
        /// <param name="obj"></param>
        private void GetSecret(object obj)
        {
            Program.AssertOffEventThread();

            BrowserState state = (BrowserState)obj;

            try
            {
                Session session = state.Obj.Connection.Session;

                do
                {
                    Pool pool = Helpers.GetPoolOfOne(state.Obj.Connection);
                    if (pool == null)
                    {
                        log.Warn("Failed to get Pool!");
                        Thread.Sleep(5000);
                        continue;
                    }

                    string secret_uuid = pool.GetXCPluginSecret(PluginDescriptor.Name, state.Obj);
                    if (string.IsNullOrEmpty(secret_uuid))
                    {
                        var msg = secret_uuid == null ? "Nothing persisted." : "User chose not to persist these credentials.";
                        log.Debug(msg + " Prompting for new credentials.");

                        Program.Invoke(Program.MainWindow, () => { state.Credentials = PromptForUsernamePassword(secret_uuid == null); });
                        MaybePersistCredentials(session, pool, state.Obj, state.Credentials);
                        return;
                    }
                    else
                    {
                        log.Debug("Found a secret.");
                        XenRef <Secret> secret = null;
                        try
                        {
                            secret = Secret.get_by_uuid(session, secret_uuid);
                        }
                        catch (Failure exn)
                        {
                            log.Warn(string.Format("Secret with uuid {0} for {1} on plugin {2} has disappeared! Removing from pool.gui_config.",
                                                   secret_uuid, Helpers.GetName(state.Obj), PluginDescriptor.Name), exn);
                            TryToRemoveSecret(pool, session, PluginDescriptor.Name, state.Obj);
                            continue;
                        }

                        string   val  = Secret.get_value(session, secret);
                        string[] bits = val.Split(CREDENTIALS_SEPARATOR);
                        if (bits.Length != 2)
                        {
                            log.WarnFormat("Corrupt secret with uuid {0} for {1} on plugin {2}! Deleting.", secret_uuid,
                                           Helpers.GetName(state.Obj), PluginDescriptor.Name);

                            TryToDestroySecret(session, secret.opaque_ref);
                            TryToRemoveSecret(pool, session, PluginDescriptor.Name, state.Obj);
                            continue;
                        }

                        log.Debug("Secret successfully read.");

                        state.Credentials = new BrowserState.BrowserCredentials
                        {
                            Username           = bits[0],
                            Password           = bits[1],
                            PersistCredentials = true,
                            Valid = true
                        };
                        return;
                    }

                    // Unreachable.  Should either have returned, or continued (to retry).
                } while (true);
            }
            catch (Exception exn)
            {
                log.Warn("Ignoring exception when trying to get secret", exn);

                // Note that it's essential that we set state.Credentials before leaving this function,
                // because other threads are waiting for that value to appear.
                state.Credentials = new BrowserState.BrowserCredentials {
                    Valid = false
                };
            }
        }
Exemple #47
0
        /// <inheritdoc />
        public override IAuthenticatedEncryptorDescriptor CreateNewDescriptor()
        {
            var internalConfiguration = (IInternalAlgorithmConfiguration)this;

            return(internalConfiguration.CreateDescriptorFromSecret(Secret.Random(KDK_SIZE_IN_BYTES)));
        }
Exemple #48
0
        protected override void Run()
        {
            log.Debug("Running SR.Create()");
            log.DebugFormat("host='{0}'", Host.Name());
            log.DebugFormat("name='{0}'", _srName);
            log.DebugFormat("description='{0}'", _srDescription);
            log.DebugFormat("type='{0}'", _srType);
            log.DebugFormat("content type='{0}'", _srContentType);
            log.DebugFormat("is shared='{0}'", _srIsShared);

            string secretuuid = null;
            string value;

            if (_dconf.TryGetValue("cifspassword", out value))
            {
                secretuuid = CreateSecret("cifspassword", value);
            }
            else if (_dconf.TryGetValue("password", out value))
            {
                secretuuid = CreateSecret("password", value);
            }
            else if (_dconf.TryGetValue("chappassword", out value))
            {
                secretuuid = CreateSecret("chappassword", value);
            }

            Description = Messages.ACTION_SR_CREATING;
            XenRef <SR> sr;

            try
            {
                sr = XenAPI.SR.create(Session, Host.opaque_ref, _dconf, 0,
                                      _srName, _srDescription, _srType.ToString().ToLowerInvariant(),
                                      _srContentType,
                                      _srIsShared,
                                      _smconf ?? new Dictionary <string, string>());

                Result = sr;
            }
            catch
            {
                if (!string.IsNullOrEmpty(secretuuid))
                {
                    string opaqref = Secret.get_by_uuid(Session, secretuuid);
                    Secret.destroy(Session, opaqref);
                }
                throw;
            }
            finally
            {
                // Destroy secret after the SR creation is complete. This is safe
                // since all PBDs will have duplicated the secret (CA-113396).
                //
                // We do this on a best-effort basis because some types of errors
                // mean the secret was never actually created, so the operation will
                // fail, masking any earlier error (CA-145254), or causing a successful
                // SR.create to be reported as an error. The worst that can happen is
                // that an unused secret will be left lying around without warning.
                try
                {
                    if (!string.IsNullOrEmpty(secretuuid) && Helpers.CreedenceOrGreater(Connection))
                    {
                        string opaqref = Secret.get_by_uuid(Session, secretuuid);
                        Secret.destroy(Session, opaqref);
                    }
                }
                catch { }
            }

            log.Debug("Checking that SR.create() actually succeeded");
            foreach (XenRef <PBD> pbdRef in XenAPI.SR.get_PBDs(Session, sr.opaque_ref))
            {
                if (!XenAPI.PBD.get_currently_attached(Session, pbdRef))
                {
                    // The automatic plug done by the SR.create has failed to plug this PDB:
                    // try the plug manually, and report the failure. Roll back the operation
                    // by forgetting the SR.
                    try
                    {
                        XenAPI.PBD.plug(this.Session, pbdRef);
                    }
                    catch (Exception exn)
                    {
                        if (exn is Failure)
                        {
                            Failure f = (Failure)exn;
                            if (f.ErrorDescription[0] == Failure.HOST_OFFLINE ||
                                f.ErrorDescription[0] == Failure.HOST_STILL_BOOTING)
                            {
                                log.Warn("Unable to check storage settings, due to host being down", f);
                            }
                        }
                        else
                        {
                            log.Debug("Plug failed on a PBD: performing SR.forget");
                            ForgetFailedSR(sr);
                            throw;
                        }
                    }
                }
            }

            Dictionary <string, string> other_config = new Dictionary <string, string>();

            other_config.Add("auto-scan", _srContentType == XenAPI.SR.Content_Type_ISO ? "true" : "false");
            XenAPI.SR.set_other_config(Session, Result, other_config);

            if (isFirstSharedNonISOSR())
            {
                SR new_sr = Connection.WaitForCache(new XenRef <SR>(Result), GetCancelling);
                if (Cancelling)
                {
                    throw new CancelledException();
                }
                if (new_sr == null)
                {
                    throw new Failure(Failure.HANDLE_INVALID, "SR", Result);
                }

                // Set this SR to be the default
                new SrAction(SrActionKind.SetAsDefault, new_sr).RunExternal(Session);
            }

            Description = Messages.ACTION_SR_CREATE_SUCCESSFUL;
        }
Exemple #49
0
 protected void AssertSecretsEqual(Secret exp, Secret act)
 {
     Assert.AreEqual(exp.Value, act.Value);
     AssertSecretsEqual((SecretBase)exp, (SecretBase)act);
 }
Exemple #50
0
 public void Convert(string template, Secret secret)
 {
     _browser.NativeBrowser.NavigateTo(new Uri("https://lionlock.com/App/Secret/SecretSelectTemplate"));
     switch (template)
     {
         case "Bank Account":
             ConvertBankAccount(secret);
             break;
         case "Credit Card":
             ConvertCreditCard(secret);
             break;
         case "Social Security Number":
             ConvertSsn(secret);
             break;
         case "License Key":
             ConvertLicenseKey(secret);
             break;
         case "KeyFile":
             ConvertKeyFile(secret);
             break;
         case "Certificate":
             ConvertCertificate(secret);
             break;
         case "Product License Key":
             ConvertProductLicenceKey(secret);
             break;
         case "Password":
             ConvertPassword(secret);
             break;
         case "Active Directory Account":
             ConvertActiveDirectory(secret);
             break;
         case "Windows Account":
             ConvertWindowsAccounts(secret);
             break;
         case "Remote Desktop Account":
             ConvertRemoteDesktopAccount(secret);
             break;
         case "Pin":
             ConvertPin(secret);
             break;
         case "Library Card":
             ConvertLibraryCard(secret);
             break;
         case "Rewards Card":
             ConvertRewardsCard(secret);
             break;
         case "Web Password":
             ConvertWebPassword(secret);
             break;
         case "Email Account":
             ConvertEmailAccount(secret);
             break;
         case "WiFi Key":
             ConvertWifiKey(secret);
             break;
         default:
             throw new NotImplementedException();
     }
     Save(secret);
     FavoriteIfNeeded(secret);
     _log.AppendLine("---");
 }
Exemple #51
0
 protected override void Awake()
 {
     base.Awake();
     secret = GetComponent <Secret>();
 }
Exemple #52
0
        public void LedgerTransformationTestMerkleHash()
        {
            using (var context = CreateContext(true))
            {
                var sender  = BTC_ISSUER;
                var signer1 = CreateAccount();
                var signer2 = CreateAccount();

                var signers = new List <Address>()
                {
                    signer1, signer2
                };
                var multi = new MultiSignature(signers, 2);

                var secret   = Secret.GenerateSecret();
                var hashlock = new HashLock(secret.ComputeSecretHash(SecretHashType.SHA3));

                var timeLock = new TimeLock(DateTime.Now.AddDays(-1).ToUnixTimestamp());

                var signed = Transfer(sender, multi.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    multi, hashlock, timeLock
                });
                context.SendTransaction(signed);

                var signed1 = Transfer(sender, hashlock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    multi, hashlock, timeLock
                });
                context.SendTransaction(signed1);

                var signed2 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    multi, hashlock, timeLock
                });
                context.SendTransaction(signed2);

                // Send address declaration but don't use the address
                var signed3 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    new MultiSignature(new List <Address>()
                    {
                        CreateAccount(), CreateAccount(), CreateAccount()
                    }, 3)
                });
                context.SendTransaction(signed3);

                // Send address declaration but don't use the address
                var signed4 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    new HashLock(Secret.GenerateSecret().ComputeSecretHash(SecretHashType.SHA256))
                });
                context.SendTransaction(signed4);

                // Send address declaration but don't use the address
                var signed5 = Transfer(sender, timeLock.Address, Currency.BTC, 10, null, null, new List <TxDeclaration>()
                {
                    new TimeLock(777)
                });
                context.SendTransaction(signed5);

                Assert.IsTrue(context.TryCreateNextLedger());

                context.DataTransformationService.WaitTransformationCompleted();

                var last = context.LedgerService.LedgerManager.GetMerkleRootHash();

                Assert.Fail();

                /*
                 * var fromDb = context.DatabaseService.ReadDatabaseManager.GetLastLedger();
                 *
                 * if(fromDb.GetHeight() != context.LedgerService.LedgerManager.LastLedger.GetHeight())
                 *  Assert.Inconclusive();
                 *
                 * Assert.IsTrue(last.Equals(fromDb.Ledger.MerkleHash));
                 */
            }
        }
Exemple #53
0
 public void Clear()
 {
     Secret.Clear();
     Public.Clear();
 }
Exemple #54
0
        private async Task SubmitDocuments(ConsoleButton consoleButton)
        {
            try
            {
                switch (consoleButton.Name)
                {
                //Handle each Button's functionality
                case "Submit Documents":
                    int   workspaceId = this.Helper.GetActiveCaseID();
                    int   modelId     = this.ActiveArtifact.ArtifactID;
                    Model model       = new Model();

                    //Get Documents In SavedSearch
                    int savedSearchId = (int)this.ActiveArtifact.Fields[Guids.Model.SAVED_SEARCH_FIELD.ToString()].Value.Value;
                    await model.ReadDocumentsInSavedSeach(Helper.GetServicesManager(), workspaceId, savedSearchId);

                    //Could have made function shared with the other event handler but left here for demo
                    Relativity.API.IDBContext workspaceContext = Helper.GetDBContext(workspaceId);
                    string        documentLocation             = string.Empty;
                    List <string> documentLocations            = new List <string>();
                    foreach (int documentArtifactId in model.DocsInSearch)
                    {
                        string       sql = @"SELECT [Location] FROM [file] WITH(NOLOCK) WHERE [DocumentArtifactId] = @documentArtifactID AND [Type] = 0";
                        SqlParameter documentArtifactIdParam = new SqlParameter("@documentArtifactID", SqlDbType.Int);
                        documentArtifactIdParam.Value = documentArtifactId;
                        documentLocation = workspaceContext.ExecuteSqlStatementAsScalar <String>(sql, new SqlParameter[] { documentArtifactIdParam });
                        documentLocations.Add(documentLocation);
                    }

                    //get secrets
                    AzureSettings azureSettings = new AzureSettings();

                    ISecretStore secretStore                = this.Helper.GetSecretStore();
                    Secret       secret                     = secretStore.Get(azureSettings.SecretPath);
                    string       congnitiveServicesKey      = secret.Data[azureSettings.CognitiveServicesKeySecretName];
                    string       congnitiveServicesEndPoint = secret.Data[azureSettings.CognitiveServicesEndpointSecretName];
                    string       storageAccountKey          = secret.Data[azureSettings.StorageAccountKeySecretName];
                    string       storageAccountName         = secret.Data[azureSettings.StorageAccountNameSecretName];


                    //upload documents to New Container
                    AzureStorageService azureStorageService             = new FormRecognition.AzureStorageService(storageAccountKey, storageAccountName);
                    Microsoft.Azure.Storage.Blob.CloudBlobClient client = azureStorageService.GetClient();
                    string containerPrefix = workspaceId.ToString() + "-" + modelId.ToString();
                    string sasUrl          = azureStorageService.UploadFiles(client, documentLocations, containerPrefix);
                    string containerName   = azureStorageService.ContainerName;

                    //Train model
                    AzureFormRecognitionService azureFormRecognitionService = new FormRecognition.AzureFormRecognitionService(congnitiveServicesKey, congnitiveServicesEndPoint, Helper);
                    Guid modeld = await azureFormRecognitionService.TrainModelAsync(azureFormRecognitionService.GetClient(), sasUrl);

                    model.ModelGuid = modeld;
                    model.SasUrl    = sasUrl;

                    //Update Relativity with data returned
                    await model.UpdateRelativity(Helper.GetServicesManager(), workspaceId, modelId);

                    break;
                }
            }
            catch (Exception e)
            {
                Helper.GetLoggerFactory().GetLogger().LogError(e, "Submit Documents Error");
                throw;
            }
        }
Exemple #55
0
    public AppStack()
    {
        var resourceGroup = new ResourceGroup("keyvault-rg");

        // Create a storage account for Blobs
        var storageAccount = new Account("storage", new AccountArgs
        {
            ResourceGroupName      = resourceGroup.Name,
            AccountReplicationType = "LRS",
            AccountTier            = "Standard",
        });

        // The container to put our files into
        var storageContainer = new Container("files", new ContainerArgs
        {
            StorageAccountName  = storageAccount.Name,
            ContainerAccessType = "private",
        });

        // Azure SQL Server that we want to access from the application
        var administratorLoginPassword = new RandomPassword("password",
                                                            new RandomPasswordArgs {
            Length = 16, Special = true
        }).Result;
        var sqlServer = new SqlServer("sqlserver", new SqlServerArgs
        {
            ResourceGroupName = resourceGroup.Name,
            // The login and password are required but won't be used in our application
            AdministratorLogin         = "******",
            AdministratorLoginPassword = administratorLoginPassword,
            Version = "12.0",
        });

        // Azure SQL Database that we want to access from the application
        var database = new Database("db", new DatabaseArgs
        {
            ResourceGroupName             = resourceGroup.Name,
            ServerName                    = sqlServer.Name,
            RequestedServiceObjectiveName = "S0",
        });

        // The connection string that has no credentials in it: authertication will come through MSI
        var connectionString =
            Output.Format($"Server=tcp:{sqlServer.Name}.database.windows.net;Database={database.Name};");

        // A file in Blob Storage that we want to access from the application
        var textBlob = new Blob("text", new BlobArgs
        {
            StorageAccountName   = storageAccount.Name,
            StorageContainerName = storageContainer.Name,
            Type   = "Block",
            Source = new FileAsset("./README.md"),
        });

        // A plan to host the App Service
        var appServicePlan = new Plan("asp", new PlanArgs
        {
            ResourceGroupName = resourceGroup.Name,
            Kind = "App",
            Sku  = new PlanSkuArgs
            {
                Tier = "Basic",
                Size = "B1",
            },
        });

        // ASP.NET deployment package
        var blob = new Blob("zip", new BlobArgs
        {
            StorageAccountName   = storageAccount.Name,
            StorageContainerName = storageContainer.Name,
            Type   = "Block",
            Source = new FileArchive("./webapp/bin/Debug/netcoreapp2.2/publish"),
        });

        var clientConfig     = Output.Create(GetClientConfig.InvokeAsync());
        var tenantId         = clientConfig.Apply(c => c.TenantId);
        var currentPrincipal = clientConfig.Apply(c => c.ObjectId);

        // Key Vault to store secrets (e.g. Blob URL with SAS)
        var vault = new KeyVault("vault", new KeyVaultArgs
        {
            ResourceGroupName = resourceGroup.Name,
            SkuName           = "standard",
            TenantId          = tenantId,
            AccessPolicies    =
            {
                new KeyVaultAccessPolicyArgs
                {
                    TenantId = tenantId,
                    // The current principal has to be granted permissions to Key Vault so that it can actually add and then remove
                    // secrets to/from the Key Vault. Otherwise, 'pulumi up' and 'pulumi destroy' operations will fail.
                    ObjectId          = currentPrincipal,
                    SecretPermissions ={ "delete",                         "get", "list", "set" },
                }
            },
        });

        // Put the URL of the zip Blob to KV
        var secret = new Secret("deployment-zip", new SecretArgs
        {
            KeyVaultId = vault.Id,
            Value      = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount),
        });
        var secretUri = Output.Format($"{vault.VaultUri}secrets/{secret.Name}/{secret.Version}");


        // The application hosted in App Service
        var app = new AppService("app", new AppServiceArgs
        {
            ResourceGroupName = resourceGroup.Name,
            AppServicePlanId  = appServicePlan.Id,
            // A system-assigned managed service identity to be used for authentication and authorization to the SQL Database and the Blob Storage
            Identity = new AppServiceIdentityArgs {
                Type = "SystemAssigned"
            },

            AppSettings =
            {
                // Website is deployed from a URL read from the Key Vault
                { "WEBSITE_RUN_FROM_ZIP", Output.Format($"@Microsoft.KeyVault(SecretUri={secretUri})") },

                // Note that we simply provide the URL without SAS or keys
                { "StorageBlobUrl",       textBlob.Url                                                 },
            },
            ConnectionStrings =
            {
                new AppServiceConnectionStringArgs
                {
                    Name  = "db",
                    Type  = "SQLAzure",
                    Value = connectionString,
                },
            },
        });

        // Work around a preview issue https://github.com/pulumi/pulumi-azure/issues/192
        var principalId = app.Identity.Apply(id => id.PrincipalId ?? "11111111-1111-1111-1111-111111111111");

        // Grant App Service access to KV secrets
        var policy = new AccessPolicy("app-policy", new AccessPolicyArgs
        {
            KeyVaultId        = vault.Id,
            TenantId          = tenantId,
            ObjectId          = principalId,
            SecretPermissions = { "get" },
        });

        // Make the App Service the admin of the SQL Server (double check if you want a more fine-grained security model in your real app)
        var sqlAdmin = new ActiveDirectoryAdministrator("adadmin", new ActiveDirectoryAdministratorArgs
        {
            ResourceGroupName = resourceGroup.Name,
            TenantId          = tenantId,
            ObjectId          = principalId,
            Login             = "******",
            ServerName        = sqlServer.Name,
        });

        // Grant access from App Service to the container in the storage
        var blobPermission = new Assignment("readblob", new AssignmentArgs
        {
            PrincipalId        = principalId,
            Scope              = Output.Format($"{storageAccount.Id}/blobServices/default/containers/{storageContainer.Name}"),
            RoleDefinitionName = "Storage Blob Data Reader",
        });

        // Add SQL firewall exceptions
        var firewallRules = app.OutboundIpAddresses.Apply(
            ips => ips.Split(",").Select(
                ip => new FirewallRule($"FR{ip}", new FirewallRuleArgs
        {
            ResourceGroupName = resourceGroup.Name,
            StartIpAddress    = ip,
            EndIpAddress      = ip,
            ServerName        = sqlServer.Name,
        })
                ).ToList());

        this.Endpoint = Output.Format($"https://{app.DefaultSiteHostname}");
    }
Exemple #56
0
        public void GetSecretsSync()
        {
            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");

            // Instantiate a secret client that will be used to call the service. Notice that the client is using default Azure
            // credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
            // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
            var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            // Let's create secrets holding storage and bank accounts credentials valid for 1 year. if the secret
            // already exists in the key vault, then a new version of the secret is created.
            string bankSecretName    = $"BankAccountPassword-{Guid.NewGuid()}";
            string storageSecretName = $"StorageAccountPasswor{Guid.NewGuid()}";

            var bankSecret = new Secret(bankSecretName, "f4G34fMh8v")
            {
                Expires = DateTimeOffset.Now.AddYears(1)
            };

            var storageSecret = new Secret(storageSecretName, "f4G34fMh8v547")
            {
                Expires = DateTimeOffset.Now.AddYears(1)
            };

            client.Set(bankSecret);
            client.Set(storageSecret);

            // You need to check if any of the secrets are sharing same values. Let's list the secrets and print their values.
            // List operations don't return the secrets with value information.
            // So, for each returned secret we call Get to get the secret with its value information.

            IEnumerable <Response <SecretBase> > secrets = client.GetSecrets();

            foreach (SecretBase secret in secrets)
            {
                Secret secretWithValue = client.Get(secret.Name);
                Debug.WriteLine($"Secret is returned with name {secretWithValue.Name} and value {secretWithValue.Value}");
            }

            // The bank account password got updated, so you want to update the secret in key vault to ensure it reflects the new password.
            // Calling Set on an existing secret creates a new version of the secret in the key vault with the new value.
            client.Set(bankSecretName, "sskdjfsdasdjsd");

            // You need to check all the different values your bank account password secret had previously.
            // Lets print all the versions of this secret.
            IEnumerable <Response <SecretBase> > secretVersions = client.GetSecretVersions(bankSecretName);

            foreach (SecretBase secret in secretVersions)
            {
                Debug.WriteLine($"Secret's version {secret.Version} with name {secret.Name}");
            }

            // The bank account was closed. You need to delete its credentials from the key vault.
            // You also want to delete the information of your storage account.
            client.Delete(bankSecretName);
            client.Delete(storageSecretName);

            // To ensure secrets are deleted on server side.
            Assert.IsTrue(WaitForDeletedSecret(client, bankSecretName));
            Assert.IsTrue(WaitForDeletedSecret(client, storageSecretName));

            // You can list all the deleted and non-purged secrets, assuming key vault is soft-delete enabled.
            IEnumerable <Response <DeletedSecret> > secretsDeleted = client.GetDeletedSecrets();

            foreach (DeletedSecret secret in secretsDeleted)
            {
                Debug.WriteLine($"Deleted secret's recovery Id {secret.RecoveryId}");
            }

            // If the keyvault is soft-delete enabled, then for permanent deletion, deleted secret needs to be purged.
            client.PurgeDeleted(bankSecretName);
            client.PurgeDeleted(storageSecretName);
        }
Exemple #57
0
        /// <summary>
        /// Recover profile from the mesh using the threshold key shares.
        /// </summary>
        /// <param name="Shares">Array containing the necessary shares.</param>
        /// <returns>UDF of the recovered profile (if successful).</returns>
        public string RecoverProfile(string[] Shares) {
            var Combined = new Secret(Shares);
            //Trace.WriteHex("MasterKey", Combined.Key);
            var Identifier = CLG.UDF.ToString(CLG.UDF.FromEscrowed(Combined.Key, 150));

            return Identifier;
            }
Exemple #58
0
        /// <inheritdoc />
        protected override bool OnSendInMessage(Message message)
        {
            switch (message.Type)
            {
            case MessageTypes.Reset:
            {
                _lastMyTradeId        = 0;
                _lastTimeBalanceCheck = null;

                if (_httpClient != null)
                {
                    try
                    {
                        _httpClient.Dispose();
                    }
                    catch (Exception ex)
                    {
                        SendOutError(ex);
                    }

                    _httpClient = null;
                }

                if (_pusherClient != null)
                {
                    try
                    {
                        UnsubscribePusherClient();
                        _pusherClient.Disconnect();
                    }
                    catch (Exception ex)
                    {
                        SendOutError(ex);
                    }

                    _pusherClient = null;
                }

                SendOutMessage(new ResetMessage());

                break;
            }

            case MessageTypes.Connect:
            {
                if (this.IsTransactional())
                {
                    if (!AuthV2 && ClientId.IsEmpty())
                    {
                        throw new InvalidOperationException(LocalizedStrings.Str3835);
                    }

                    if (Key.IsEmpty())
                    {
                        throw new InvalidOperationException(LocalizedStrings.Str3689);
                    }

                    if (Secret.IsEmpty())
                    {
                        throw new InvalidOperationException(LocalizedStrings.Str3690);
                    }
                }

#if !IGNORE_LICENSE
                var msg = "Crypto".ValidateLicense(component: GetType().Assembly);
                if (!msg.IsEmpty())
                {
                    msg = nameof(BitStamp).ValidateLicense(component: GetType().Assembly);

                    if (!msg.IsEmpty())
                    {
                        throw new InvalidOperationException(msg);
                    }
                }
#endif

                if (_httpClient != null)
                {
                    throw new InvalidOperationException(LocalizedStrings.Str1619);
                }

                if (_pusherClient != null)
                {
                    throw new InvalidOperationException(LocalizedStrings.Str1619);
                }

                _httpClient = new HttpClient(ClientId, Key, Secret, AuthV2)
                {
                    Parent = this
                };

                _pusherClient = new PusherClient {
                    Parent = this
                };
                SubscribePusherClient();
                _pusherClient.Connect();

                break;
            }

            case MessageTypes.Disconnect:
            {
                if (_httpClient == null)
                {
                    throw new InvalidOperationException(LocalizedStrings.Str1856);
                }

                if (_pusherClient == null)
                {
                    throw new InvalidOperationException(LocalizedStrings.Str1856);
                }

                _httpClient.Dispose();
                _httpClient = null;

                _pusherClient.Disconnect();

                break;
            }

            case MessageTypes.PortfolioLookup:
            {
                ProcessPortfolioLookup((PortfolioLookupMessage)message);
                break;
            }

            case MessageTypes.OrderStatus:
            {
                ProcessOrderStatus((OrderStatusMessage)message);
                break;
            }

            case MessageTypes.OrderRegister:
            {
                ProcessOrderRegister((OrderRegisterMessage)message);
                break;
            }

            case MessageTypes.OrderCancel:
            {
                ProcessOrderCancel((OrderCancelMessage)message);
                break;
            }

            case MessageTypes.OrderGroupCancel:
            {
                ProcessOrderGroupCancel((OrderGroupCancelMessage)message);
                break;
            }

            case MessageTypes.Time:
            {
                if (_orderInfo.Count > 0)
                {
                    ProcessOrderStatus(null);
                    ProcessPortfolioLookup(null);
                }

                if (BalanceCheckInterval > TimeSpan.Zero &&
                    (_lastTimeBalanceCheck == null || (CurrentTime - _lastTimeBalanceCheck) > BalanceCheckInterval))
                {
                    ProcessPortfolioLookup(null);
                }

                _pusherClient?.ProcessPing();

                //ProcessLevel1();
                break;
            }

            case MessageTypes.SecurityLookup:
            {
                ProcessSecurityLookup((SecurityLookupMessage)message);
                break;
            }

            case MessageTypes.MarketData:
            {
                ProcessMarketData((MarketDataMessage)message);
                break;
            }

            default:
                return(false);
            }

            return(true);
        }
Exemple #59
0
        /// <summary>
        /// Retrieves the secret value, based on the given name
        /// </summary>
        /// <param name="secretName">The name of the secret key</param>
        /// <param name="ignoreCache">Indicates if the cache should be used or skipped</param>
        /// <returns>Returns a <see cref="Task{TResult}"/> that contains the secret key</returns>
        /// <exception cref="ArgumentException">The name must not be empty</exception>
        /// <exception cref="ArgumentNullException">The name must not be null</exception>
        /// <exception cref="SecretNotFoundException">The secret was not found, using the given name</exception>
        public async Task <string> GetRawSecretAsync(string secretName, bool ignoreCache)
        {
            Secret secret = await GetSecretAsync(secretName, ignoreCache);

            return(secret?.Value);
        }
Exemple #60
0
        public void ProcessRequest(HttpContext c)
        {
            var   v    = c.Request.QueryString["v"].ToLower().Replace("/", ".");
            var   t    = int.Parse(c.Request.QueryString["t"]);
            var   data = (byte[])null;
            XFace face = null;
            var   assb = Assembly.Load("X.App");

            try
            {
                face = assb.CreateInstance(String.Format("X.App.{0}.{1}", (t == 1 ? "Views" : "Apis"), v)) as XFace;
                if (face == null)
                {
                    throw new XExcep((t == 1 ? "0x0001" : "0x0002"), v);
                }
                face.Init(c);
                data = face.GetResponse();
            }
            catch (XExcep fe)
            {
                var rsp = new XResp(fe.ErrCode, fe.ErrMsg);
                if (t == 1)
                {
                    var view = assb.CreateInstance(String.Format("X.App.Views.{0}.err", v.Split('.')[0])) as Views.View;
                    if (view == null)
                    {
                        view = assb.CreateInstance("X.App.Views.com.err") as Views.View;
                    }
                    view.Init(c);
                    view.dict.Add("rsp", rsp);
                    view.dict.Add("backurl", Secret.ToBase64(c.Request.RawUrl));
                    data = view.GetResponse();
                }
                else
                {
                    data = Encoding.UTF8.GetBytes(Serialize.ToJson(rsp));
                }
                if (fe.ErrCode != "0x0001")
                {
                    Loger.Error(Serialize.ToJson(rsp));
                }
            }
            catch (Exception ex)
            {
                if (ex is ThreadAbortException)
                {
                    return;
                }
                var resp = new XResp(Guid.NewGuid().ToString(), ex.Message);
                data = Encoding.UTF8.GetBytes(Serialize.ToJson(resp));
                Loger.Fatal(GetType(), ex);
            }

            if (data != null)
            {
                c.Response.Clear();
                c.Response.ContentEncoding = Encoding.UTF8;
                c.Response.OutputStream.Write(data, 0, data.Length);
                c.Response.End();
            }
        }