public X509Certificate2 GetSigningCertificate(SigningCertificateSettings certificateSettings, bool isPrimary) { if (isPrimary && string.IsNullOrEmpty(certificateSettings.PrimaryCertificatePath)) { throw new FabricConfigurationException("You must specify a PrimaryCertificatePath when UseTemporarySigningCredential is set to false."); } if (isPrimary && string.IsNullOrEmpty(certificateSettings.PrimaryCertificatePasswordPath)) { throw new FabricConfigurationException("You must specify a PrimaryCertificatePasswordPath when UseTemporarySigningCredential is set to false."); } if (!isPrimary && string.IsNullOrEmpty(certificateSettings.SecondaryCertificatePath)) { throw new FabricConfigurationException("You must specify a PrimaryCertificatePath when UseTemporarySigningCredential is set to false."); } if (!isPrimary && string.IsNullOrEmpty(certificateSettings.SecondaryCertificatePasswordPath)) { throw new FabricConfigurationException("You must specify a PrimaryCertificatePasswordPath when UseTemporarySigningCredential is set to false."); } return(isPrimary ? GetCertFromFile(certificateSettings.PrimaryCertificatePath, certificateSettings.PrimaryCertificatePasswordPath) : GetCertFromFile(certificateSettings.SecondaryCertificatePath, certificateSettings.SecondaryCertificatePasswordPath)); }
internal void ApplySettings(SigningCertificateSettings signingCertificateStoreSettings) { Utility.IfNullThrowNullArgumentException(signingCertificateStoreSettings, "signingCertificateStoreSettings"); this.CertificatesStoreName = signingCertificateStoreSettings.StoreName; this.CertificatesStoreLocation = signingCertificateStoreSettings.StoreLocation; this.CertificatesStoreFindType = signingCertificateStoreSettings.StoreFindType; this.StoreIdentifyingValue = signingCertificateStoreSettings.StoreIdentifyingValue; }
public X509Certificate2 GetEncryptionCertificate(SigningCertificateSettings certificateSettings) { if (string.IsNullOrWhiteSpace(certificateSettings?.EncryptionCertificateThumbprint)) { throw new FabricConfigurationException("You must specify an EncryptionCertificateThumprint if you are encrypting configuration settings."); } return(X509.LocalMachine.My.Thumbprint .Find(CleanThumbprint(certificateSettings.EncryptionCertificateThumbprint), false) .FirstOrDefault()); }
public CouchDbIdentityServerConfigurator( IIdentityServerBuilder identityServerBuilder, IServiceCollection serviceCollection, ICertificateService certificateService, SigningCertificateSettings signingCertificateSettings, HostingOptions hostingOptions, ICouchDbSettings couchDbSettings, ILogger logger) : base(identityServerBuilder, serviceCollection, hostingOptions, logger) { _certificateService = certificateService; _signingCertificateSettings = signingCertificateSettings; _couchDbSettings = couchDbSettings; }
public void DecryptString_HandlesNullOrEmptyString(string stringToDecrypt) { // Arrange var privateKey = GetPrivateKey(); var mockCertificateService = GetMockCertificateService(privateKey); var signingCertificateSettings = new SigningCertificateSettings(); var decryptionService = new DecryptionService(mockCertificateService); // Act var decryptedString = decryptionService.DecryptString(stringToDecrypt, signingCertificateSettings); // Assert Assert.Equal(stringToDecrypt, decryptedString); }
public void DecryptString_ThrowsFormatException_InvalidBase64String() { // Arrange var privateKey = GetPrivateKey(); var stringToEncrypt = Guid.NewGuid().ToString(); var encryptedString = $"{DecryptionService.EncryptionPrefix}{EncryptString(privateKey, stringToEncrypt).Substring(1)}"; var mockCertificateService = GetMockCertificateService(privateKey); var signingCertificateSettings = new SigningCertificateSettings(); var decryptionService = new DecryptionService(mockCertificateService); // Act & Assert Assert.Throws <FormatException>( () => decryptionService.DecryptString(encryptedString, signingCertificateSettings)); }
public X509Certificate2 GetSigningCertificate(SigningCertificateSettings certificateSettings, bool isPrimary = true) { if (isPrimary && string.IsNullOrEmpty(certificateSettings.PrimaryCertificateThumbprint)) { throw new FabricConfigurationException("You must specify a PrimaryCertificateThumbprint when UseTemporarySigningCredential is set to false."); } if (!isPrimary && string.IsNullOrEmpty(certificateSettings.SecondaryCertificateThumbprint)) { throw new FabricConfigurationException("You must specify a SecondardCertificateThumbprint to use AddValdationKeys."); } var thumbprint = GetThumbprint(certificateSettings, isPrimary); return(X509.LocalMachine.My.Thumbprint.Find(thumbprint, validOnly: false).FirstOrDefault()); }
public void DecryptString_ReturnsNonEncryptedString() { // Arrange var privateKey = GetPrivateKey(); var clearTextstringToDecrypt = Guid.NewGuid().ToString(); var mockCertificateService = GetMockCertificateService(privateKey); var signingCertificateSettings = new SigningCertificateSettings(); var decryptionService = new DecryptionService(mockCertificateService); // Act var decryptedString = decryptionService.DecryptString(clearTextstringToDecrypt, signingCertificateSettings); // Assert Assert.Equal(clearTextstringToDecrypt, decryptedString); }
public void DecryptString_DecryptsEncryptedString() { // Arrange var privateKey = GetPrivateKey(); var stringToEncrypt = Guid.NewGuid().ToString(); var encryptedString = $"{DecryptionService.EncryptionPrefix}{EncryptString(privateKey, stringToEncrypt)}"; var mockCertificateService = GetMockCertificateService(privateKey); var signingCertificateSettings = new SigningCertificateSettings(); var decryptionService = new DecryptionService(mockCertificateService); // Act var decryptedString = decryptionService.DecryptString(encryptedString, signingCertificateSettings); // Assert Assert.Equal(stringToEncrypt, decryptedString); }
public string DecryptString(string encryptedString, SigningCertificateSettings signingCertificateSettings) { if (!IsEncrypted(encryptedString)) { return(encryptedString); } var privateKey = _certificateService.GetEncryptionCertificatePrivateKey(signingCertificateSettings); var encryptedPasswordAsBytes = Convert.FromBase64String( encryptedString.Replace(EncryptionPrefix, string.Empty)); var decryptedPasswordAsBytes = privateKey.Decrypt(encryptedPasswordAsBytes, RSAEncryptionPadding.OaepSHA1); return(System.Text.Encoding.UTF8.GetString(decryptedPasswordAsBytes)); }
public static IIdentityServerBuilder AddSigningCredentialAndValidationKeys(this IIdentityServerBuilder identityServerBuilder, SigningCertificateSettings certificateSettings, ICertificateService certificateService, ILogger logger) { if (certificateSettings.UseTemporarySigningCredential) { logger.Information("Using temporary signing credential - this is not recommended for production"); identityServerBuilder.AddDeveloperSigningCredential(); return(identityServerBuilder); } var isLinux = RuntimeInformation.IsOSPlatform(OSPlatform.Linux); identityServerBuilder.AddSigningCredential(certificateService.GetSigningCertificate(certificateSettings)); if (HasSecondarySigningKeys(certificateSettings, isLinux)) { identityServerBuilder.AddValidationKeys( new X509SecurityKey(certificateService.GetSigningCertificate(certificateSettings, isPrimary: false))); } return(identityServerBuilder); }
public void GetCertificate_WithoutCertPath_ThrowsFileNotFoundException(SigningCertificateSettings signingCertificateSettings, bool isPrimary) { var certificateService = new LinuxCertificateService(); Assert.Throws <FileNotFoundException>(() => certificateService.GetSigningCertificate(signingCertificateSettings, isPrimary)); }
public X509Certificate2 GetEncryptionCertificate(SigningCertificateSettings certificateSettings) { throw new FabricConfigurationException("Do not encrypt settings when running on a Linux container, instead use Docker Secrets to protect sensitive configuration settings."); }
internal void ApplySettings(SigningCertificateSettings signingCertificateStoreSettings) { Utility.IfNullThrowNullArgumentException(signingCertificateStoreSettings, "signingCertificateStoreSettings"); this.CertificatesStoreName = signingCertificateStoreSettings.StoreName; this.CertificatesStoreLocation = signingCertificateStoreSettings.StoreLocation; this.CertificatesStoreFindType = signingCertificateStoreSettings.StoreFindType; this.StoreIdentifyingValue = signingCertificateStoreSettings.StoreIdentifyingValue; }
private string GetThumbprint(SigningCertificateSettings certificateSettings, bool isPrimary) { return(isPrimary ? CleanThumbprint(certificateSettings.PrimaryCertificateThumbprint) : CleanThumbprint(certificateSettings.SecondaryCertificateThumbprint)); }
private static bool HasSecondarySigningKeys(SigningCertificateSettings certificateSettings, bool isLinux) { return(isLinux && !string.IsNullOrEmpty(certificateSettings.SecondaryCertificatePath) && !string.IsNullOrEmpty(certificateSettings.SecondaryCertificatePasswordPath) || !isLinux && !string.IsNullOrEmpty(certificateSettings.SecondaryCertificateThumbprint)); }
public RSA GetEncryptionCertificatePrivateKey(SigningCertificateSettings certificateSettings) { var cert = GetEncryptionCertificate(certificateSettings); return(cert.GetRSAPrivateKey()); }
public void GetCertificate_WithoutThumbprint_ThrowsException(SigningCertificateSettings signingCertificateSettings, bool isPrimary) { var certificateService = new WindowsCertificateService(); Assert.Throws <FabricConfigurationException>(() => certificateService.GetSigningCertificate(signingCertificateSettings, isPrimary)); }