public MongoDbClientStoreTests(MongoSetup mongoSetup) : base(mongoSetup) { _migrator = A.Fake <IClientStoreMigrator>(); _collectionName = "clients_" + Guid.NewGuid(); _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _sut = new MongoDbClientStore(new MongoDatabaseClientProvider(Database), _collectionName, _encryptionKey, _migrator); }
public MongoDbClientStoreTests(MongoSetup mongoSetup) : base(mongoSetup) { _migrator = A.Fake <IClientStoreMigrator>(); _collectionName = "clients_" + Guid.NewGuid(); _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _signatureAlgorithmDataRecordConverter = new SignatureAlgorithmDataRecordConverter(new FakeStringProtectorFactory()); _sut = new MongoDbClientStore(new MongoDatabaseClientProvider(Database), _collectionName, _encryptionKey, _migrator, _signatureAlgorithmDataRecordConverter); }
public SetSignatureAlgorithm() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; _dataRecord = new ClientDataRecord { V = ClientDataRecord.GetV() }; }
public FileSystemClientStore( IFileManager <ClientDataRecord> fileManager, ISignatureAlgorithmDataRecordConverter signatureAlgorithmDataRecordConverter, SharedSecretEncryptionKey encryptionKey) { _fileManager = fileManager ?? throw new ArgumentNullException(nameof(fileManager)); _signatureAlgorithmDataRecordConverter = signatureAlgorithmDataRecordConverter ?? throw new ArgumentNullException(nameof(signatureAlgorithmDataRecordConverter)); _encryptionKey = encryptionKey; }
public ToSignatureAlgorithm() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; _recordVersion = 2; _dataRecord = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = new FakeStringProtector().Protect(_unencryptedKey), HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = true }; }
public ToSignatureAlgorithm() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; _dataRecord = new ClientDataRecord { SigType = "HMAC", SigParameter = new FakeStringProtector().Protect(_unencryptedKey), SigHashAlgorithm = HashAlgorithmName.MD5.Name, IsSigParameterEncrypted = true, V = ClientDataRecord.GetV() }; }
public FileSystemClientStoreTests() { var tempFilePath = Path.Combine(Path.GetTempPath(), Guid.NewGuid() + ".xml"); _fileManager = new ClientsFileManager( new FileReader(), new FileWriter(), tempFilePath, new ClientDataRecordSerializer()); var encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _signatureAlgorithmDataRecordConverter = new SignatureAlgorithmDataRecordConverter(new FakeStringProtectorFactory()); _sut = new FileSystemClientStore(_fileManager, _signatureAlgorithmDataRecordConverter, encryptionKey); }
private string GetParameterWithEncryption(HMACSignatureAlgorithm hmac, SharedSecretEncryptionKey encryptionKey, out bool isEncrypted) { var unencrypted = Encoding.UTF8.GetString(hmac.Key); if (encryptionKey == SharedSecretEncryptionKey.Empty) { isEncrypted = false; return(unencrypted); } isEncrypted = true; var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey); return(protector.Protect(unencrypted)); }
private string GetUnencryptedParameter(ClientDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey) { if (encryptionKey == SharedSecretEncryptionKey.Empty) { return(dataRecord.SigParameter); } if (!dataRecord.IsSigParameterEncrypted) { return(dataRecord.SigParameter); // The value in the data store is not encrypted } var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey); try { return(protector.Unprotect(dataRecord.SigParameter)); } catch (Exception ex) { throw new SecurityException("Something went wrong during acquisition of the unencrypted symmetric key. See inner exception for details.", ex); } }
public MongoDbClientStore( IMongoDatabaseClientProvider clientProvider, string collectionName, SharedSecretEncryptionKey encryptionKey, IClientStoreMigrator migrator) { if (clientProvider == null) { throw new ArgumentNullException(nameof(clientProvider)); } if (string.IsNullOrEmpty(collectionName)) { throw new ArgumentException("Value cannot be null or empty.", nameof(collectionName)); } _encryptionKey = encryptionKey; _migrator = migrator ?? throw new ArgumentNullException(nameof(migrator)); _lazyCollection = new Lazy <IMongoCollection <ClientDataRecordV2> >(() => { var database = clientProvider.Provide(); return(database.GetCollection <ClientDataRecordV2>(collectionName)); }); }
public ISignatureAlgorithm ToSignatureAlgorithm(ClientDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey) { if (dataRecord == null) { throw new ArgumentNullException(nameof(dataRecord)); } switch (dataRecord.SigType) { case string str when str.Equals("rsa", StringComparison.OrdinalIgnoreCase): using (var rsaForVerification = new RSACryptoServiceProvider()) { rsaForVerification.FromXml(dataRecord.SigParameter); var paramsForVerification = rsaForVerification.ExportParameters(false); return(SignatureAlgorithm.CreateForVerification(paramsForVerification, new HashAlgorithmName(dataRecord.SigHashAlgorithm))); } case string str when str.Equals("ecdsa", StringComparison.OrdinalIgnoreCase): using (var ecdsaForVerification = ECDsa.Create()) { ecdsaForVerification.FromXml(dataRecord.SigParameter); var paramsForVerification = ecdsaForVerification.ExportParameters(false); return(SignatureAlgorithm.CreateForVerification(paramsForVerification, new HashAlgorithmName(dataRecord.SigHashAlgorithm))); } case string str when str.Equals("hmac", StringComparison.OrdinalIgnoreCase): var unencryptedKey = GetUnencryptedParameter(dataRecord, encryptionKey); return(SignatureAlgorithm.CreateForVerification(unencryptedKey, new HashAlgorithmName(dataRecord.SigHashAlgorithm))); default: throw new NotSupportedException($"The specified signature algorithm type ({dataRecord.SigHashAlgorithm ?? "[null]"}) cannot be deserialized."); } }
public FromSignatureAlgorithm() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; }
private string GetUnencryptedParameter(SignatureAlgorithmDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey) { var paramValue = XElement.Parse(dataRecord.Param).Value; if (encryptionKey == SharedSecretEncryptionKey.Empty) { return(paramValue); } if (!dataRecord.Encrypted) { return(paramValue); // The value in the data store is not encrypted } var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey); try { return(protector.Unprotect(paramValue)); } catch (Exception ex) { throw new SecurityException("Something went wrong during acquisition of the unencrypted symmetric key. See inner exception for details.", ex); } }
public static SignatureAlgorithmDataRecordV2 FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey) { if (signatureAlgorithm == null) { throw new ArgumentNullException(nameof(signatureAlgorithm)); } switch (signatureAlgorithm) { case RSASignatureAlgorithm rsa: return(new SignatureAlgorithmDataRecordV2 { Type = rsa.Name, HashAlgorithm = rsa.HashAlgorithm.Name, Parameter = rsa.GetPublicKey().ToXml(), IsParameterEncrypted = false }); case ECDsaSignatureAlgorithm ecdsa: return(new SignatureAlgorithmDataRecordV2 { Type = ecdsa.Name, HashAlgorithm = ecdsa.HashAlgorithm.Name, Parameter = ecdsa.GetPublicKey().ToXml(), IsParameterEncrypted = false }); case HMACSignatureAlgorithm hmac: return(new SignatureAlgorithmDataRecordV2 { Type = hmac.Name, HashAlgorithm = hmac.HashAlgorithm.Name, Parameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted), IsParameterEncrypted = isEncrypted });
public void SetSignatureAlgorithm(ClientDataRecord dataRecord, ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey) { if (dataRecord == null) { throw new ArgumentNullException(nameof(dataRecord)); } if (signatureAlgorithm == null) { throw new ArgumentNullException(nameof(signatureAlgorithm)); } switch (signatureAlgorithm) { case RSASignatureAlgorithm rsa: dataRecord.SigType = rsa.Name; dataRecord.SigHashAlgorithm = rsa.HashAlgorithm.Name; dataRecord.SigParameter = rsa.GetPublicKey().ToXml(); dataRecord.IsSigParameterEncrypted = false; break; case ECDsaSignatureAlgorithm ecdsa: dataRecord.SigType = ecdsa.Name; dataRecord.SigHashAlgorithm = ecdsa.HashAlgorithm.Name; dataRecord.SigParameter = ecdsa.GetPublicKey().ToXml(); dataRecord.IsSigParameterEncrypted = false; break; case HMACSignatureAlgorithm hmac: dataRecord.SigType = hmac.Name; dataRecord.SigHashAlgorithm = hmac.HashAlgorithm.Name; dataRecord.SigParameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted); dataRecord.IsSigParameterEncrypted = isEncrypted; break; default: throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized."); } }
public SignatureAlgorithmDataRecordTests() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; }
public SignatureAlgorithmDataRecord FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey) { if (signatureAlgorithm == null) { throw new ArgumentNullException(nameof(signatureAlgorithm)); } switch (signatureAlgorithm) { case RSASignatureAlgorithm rsa: return(new SignatureAlgorithmDataRecord { Type = rsa.Name, Hash = rsa.HashAlgorithm.Name, Param = rsa.GetPublicKey().ToXml(), Encrypted = false }); case ECDsaSignatureAlgorithm ecdsa: return(new SignatureAlgorithmDataRecord { Type = ecdsa.Name, Hash = ecdsa.HashAlgorithm.Name, Param = ecdsa.GetPublicKey().ToXml(), Encrypted = false }); case HMACSignatureAlgorithm hmac: var paramValue = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted); var xmlString = new XElement("Secret", paramValue).ToString(); return(new SignatureAlgorithmDataRecord { Type = hmac.Name, Hash = hmac.HashAlgorithm.Name, Param = xmlString, Encrypted = isEncrypted }); default: throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized."); } }