private static void ValidateAbstractSecret(int version, IReadOnlyCollection <byte> secret)
{
var invalidVersion = version < 0;
s_helper.Check <StorageClientException>(invalidVersion, Messages.Secret.s_errIncorrectVersion);
var invalidSecret = secret == null || secret.Count == 0;
s_helper.Check <StorageClientException>(invalidSecret, Messages.SecretsDataGenerator.s_errNullSecret);
}
public Secret GetSecret(int?version)
{
if (version == null)
{
return(CurrentSecret);
}
var secret = Secrets.Find(secretKey => secretKey.Version == version);
s_helper.Check <StorageClientException>(secret == null, Messages.SecretsData.s_errIllegalVersion, version);
return(secret);
}
private static void Validate(IReadOnlyCollection <long> values, string @operator)
{
var invalidFilter = values == null || values.Count == 0;
s_helper.Check <StorageClientException>(invalidFilter, Messages.NumberFilter.s_errNullNumberFilter);
var invalidOperator = !s_allOperators.Contains(@operator);
s_helper.Check <StorageClientException>(invalidOperator,
Messages.NumberFilter.s_errIllegalNumberFilterOperator);
var invalidSingleOperatorValues = !s_multipleValueOperators.Contains(@operator) && values.Count > 1;
s_helper.Check <StorageClientException>(invalidSingleOperatorValues,
Messages.NumberFilter.s_errIllegalSingleNumberFilterOperator);
}
public EncryptionKey(int version, byte[] secretBytes) : base(version, secretBytes)
{
#pragma warning disable CA1062
var invalidLength = secretBytes.Length != KeyLength;
#pragma warning restore CA1062
s_helper.Check <StorageClientException>(invalidLength, Messages.Secret.s_errKeyLength);
}
public string Decrypt(string cipherText, Secret secret = null)
{
s_helper.Check <StorageCryptoException>(string.IsNullOrEmpty(cipherText),
Messages.AesGcmCipher.s_errWrongEncryptedText);
var decodedBytes = Convert.FromBase64String(cipherText);
return(DecodeBytes(decodedBytes, secret, _pbkdf2Iterations, _encoding));
}
private static void Validate(long value1, string operator1, long value2, string operator2)
{
var invalidOperator1 = !s_operator1Values.Contains(operator1);
s_helper.Check <StorageClientException>(invalidOperator1,
Messages.RangeFilter.s_errIllegalOperator1);
var invalidOperator2 = !s_operator2Values.Contains(operator2);
s_helper.Check <StorageClientException>(invalidOperator2,
Messages.RangeFilter.s_errIllegalOperator2);
var invalidRange = value1 > value2;
s_helper.Check <StorageClientException>(invalidRange,
Messages.RangeFilter.s_errIllegalRange);
}
protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
{
#pragma warning disable CA1062
var invalidCipherLength = decodedBytes.Length < MetaInfoLength;
#pragma warning restore CA1062
s_helper.Check <StorageCryptoException>(invalidCipherLength, Messages.AesGcmCipher.s_errWrongEncryptedText);
s_helper.Check <StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
s_helper.Check <StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);
var salt = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
var iv = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);
var encrypted = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);
var key = SecretKeyFactory.GetKey(salt, secret, pbkdf2Iterations);
try
{
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
cipher.Init(false, parameters);
var decryptedText = new byte[cipher.GetOutputSize(encrypted.Length)];
var len = cipher.ProcessBytes(encrypted, 0, encrypted.Length, decryptedText, 0);
cipher.DoFinal(decryptedText, len);
#pragma warning disable CA1062
return(encoding.GetString(decryptedText));
#pragma warning restore CA1062
}
catch (InvalidCipherTextException ex)
{
s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
}
catch (System.Exception ex)
{
s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
}
finally
{
SecretKeyFactory.ShuffleSecretKey(key);
}
}
public CryptoProvider(AbstractCipher currentCipher = null)
{
_defaultCipher = new AesGcmPbkdf10KBase64Cipher(_encoding);
AddDefaultCiphers(new PlainTextBase64Cipher(_encoding),
new AesGcmPbkdf10KHexCipher(_encoding),
_defaultCipher);
if (currentCipher == null)
{
return;
}
s_helper.Check <StorageClientException>(string.IsNullOrEmpty(currentCipher.Name),
Messages.CryptoProvider.s_errNullCipherName);
_customCipherDict[currentCipher.NameBase64] = currentCipher;
_defaultCipher = currentCipher;
}
public FindFilter LimitAndOffset(int limit = MaximumLimit, int offset = DefaultOffset)
{
var invalidLimit = limit > MaximumLimit || limit < 1;
s_helper.Check <StorageClientException>(invalidLimit, Messages.FindFilter.s_errIllegalLimit, MaximumLimit,
limit);
s_helper.Check <StorageClientException>(offset < 0, Messages.FindFilter.s_errIllegalOffset);
Limit = limit;
Offset = offset;
return(this);
}
private Storage(StorageConfig config)
{
s_helper.Check <StorageClientException>(config == null, Messages.Storage.s_errNullConfig);
_httpClient = new HttpClient();
_httpClient.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue(VersionInfo.ProductName,
VersionInfo.ProductVersion));
#pragma warning disable CA1062
_httpClient.Timeout = new TimeSpan(0, 0, config.HttpTimeout);
#pragma warning restore CA1062
ITokenClient tokenClient = null;
if (!string.IsNullOrEmpty(config.ApiKey))
{
tokenClient = new ApiKeyTokenClient(config.ApiKey);
}
if (!(string.IsNullOrEmpty(config.ClientId) || string.IsNullOrEmpty(config.ClientSecret)))
{
tokenClient = new OAuthTokenClient(config.DefaultAuthEndpoint, config.AuthEndpoints,
config.EnvironmentId, config.ClientId, config.ClientSecret, _httpClient);
}
s_helper.Check <StorageClientException>(tokenClient == null, Messages.Storage.s_errNullCredentials);
_cryptoProvider = config.CryptoProvider;
if (config.CryptoProvider == null)
{
_cryptoProvider = new CryptoProvider();
}
_cryptoProvider.ValidateCustomCiphers(config.SecretKeyAccessor?.Invoke());
_hashUtils = new HashUtils(config.EnvironmentId, config.NormalizeKeys, Encoding.UTF8);
_transformer = new DtoTransformer(_cryptoProvider, _hashUtils, config.HashSearchKeys,
config.SecretKeyAccessor);
_dao = HttpDao.NewDao(config.EnvironmentId, tokenClient, _httpClient, config.EndPoint, config.EndpointMask,
config.CountriesEndPoint);
}
private static void Validate(IReadOnlyCollection <string> values)
{
var invalidFilter = values == null || values.Count == 0 || values.Contains(null);
s_helper.Check <StorageClientException>(invalidFilter, Messages.StringFilter.s_errNullStringFilter);
}
