Exemple #1
            /// <summary>
            /// Creates a version 1 session pack from session material and cipher text.
            /// </summary>
            /// <param name="sessionMaterial">Assigned to <c>SessionMaterial</c> unchanged.</param>
            /// <param name="cipherText">
            /// Assigned to <c>CipherText</c> by reference; this constructor makes no copy.
            /// </param>
            public SessionPack(WebBase64 sessionMaterial, byte[] cipherText)
            {
                // No null or length checks are made here; both values are stored as given.
                this.Version         = 1;
                this.SessionMaterial = sessionMaterial;
                this.CipherText      = cipherText;
            }
Exemple #2
            /// <summary>
            /// Signs <paramref name="payload"/> with the primary key and returns the signed token as text.
            /// </summary>
            /// <param name="payload">Raw payload bytes; they are web-base64 encoded before signing.</param>
            /// <returns>The bytes that <c>Sign</c> writes to the output stream, decoded as UTF-8.</returns>
            /// <exception cref="InvalidKeyTypeException">
            /// Thrown when <c>Jwt.AlgForKey</c> returns null for the primary key.
            /// </exception>
            public string SignCompact(byte[] payload)
            {
                var primaryKey = this.GetPrimaryKey();

                // The "alg" header value is derived from the signing key, not from caller input.
                var algorithm = Jwt.AlgForKey(primaryKey);
                if (algorithm == null)
                {
                    throw new InvalidKeyTypeException("Invalid Key Parameters For JWT");
                }

                var jwtHeader = new JwtHeader
                {
                    typ = "JWT",
                    alg = algorithm?.ToString(),
                    // "kid" carries the web-base64 hash of the primary key.
                    kid = WebBase64.FromBytes(primaryKey.GetKeyHash())
                };

                var encodedHeader  = Jwt.EncodeToBase64(JsonConvert.SerializeObject(jwtHeader));
                var encodedPayload = WebBase64.FromBytes(payload);

                // The signing input is the UTF-8 bytes of "<header>.<payload>".
                var signingInput = Encoding.UTF8.GetBytes($"{encodedHeader}.{encodedPayload}");

                using (var signedOutput = new MemoryStream())
                using (var inputStream = new MemoryStream(signingInput))
                {
                    // signingInput is also passed as an extra argument, presumably so the signature
                    // padding step can emit it ahead of the signature; confirm against Sign.
                    Sign(inputStream, signedOutput, null, null, signingInput, -1);

                    var token = Encoding.UTF8.GetString(signedOutput.ToArray());
                    return token;
                }
            }
Exemple #3
 /// <summary>
 /// Builds a <c>SessionCrypter</c> for the session, choosing the key packer from
 /// <paramref name="unoffical"/>.
 /// </summary>
 /// <param name="crypter">Crypter passed through to the <c>SessionCrypter</c> constructor.</param>
 /// <param name="session">Session material passed through to the constructor.</param>
 /// <param name="unoffical">
 /// Null, empty or whitespace selects the constructor's default key packer; any other
 /// value selects <c>BsonSessionKeyPacker</c>. The value itself is not inspected further.
 /// </param>
 /// <returns>The new <c>SessionCrypter</c>.</returns>
 private SessionCrypter HelperSessionCrypter(Crypter crypter, WebBase64 session, string unoffical)
 {
     var useDefaultPacker = String.IsNullOrWhiteSpace(unoffical);

     return useDefaultPacker
         ? new SessionCrypter(crypter, session)
         : new SessionCrypter(crypter, session, keyPacker: new BsonSessionKeyPacker());
 }
Exemple #4
            /// <summary>
            /// Writes the bytes in <paramref name="extra"/>, a "." separator and the web-base64
            /// encoded signature to <paramref name="outputStream"/>, in that order.
            /// </summary>
            /// <param name="signature">Raw signature bytes; encoded with <c>WebBase64.FromBytes</c>.</param>
            /// <param name="outputStream">Stream that receives the three parts.</param>
            /// <param name="extra">
            /// Expected to be a <c>byte[]</c>; it is cast directly, with no type or null check.
            /// </param>
            protected override void PadSignature(byte[] signature, Stream outputStream, object extra)
            {
                var separator   = Encoding.UTF8.GetBytes(".");
                var signedInput = (byte[])extra;

                // Parts are written as they are produced, so a failure while encoding the
                // signature leaves the input and separator already in the stream.
                outputStream.Write(signedInput, 0, signedInput.Length);
                outputStream.Write(separator, 0, 1);

                var encodedSignature = WebBase64.FromBytes(signature);
                var signatureBytes   = Encoding.UTF8.GetBytes(encodedSignature.ToString());
                outputStream.Write(signatureBytes, 0, signatureBytes.Length);
            }
Exemple #5
        /// <summary>
        /// Checks that cipher text produced under a primary key can still be decrypted after
        /// that key is demoted to Active, leaving the key set without a primary key.
        /// </summary>
        public void CreateNoPrimary()
        {
            const string keySetPath = "no-primary";

            // Step 1: create a symmetric key set whose only key (version 1) is primary.
            using (var storageWriter = CreateNewStorageWriter(DefaultContainer, keySetPath))
            using (var newKeySet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = newKeySet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                var saved = newKeySet.Save(storageWriter);
                Expect(saved, Is.True);
            }

            // Step 2: encrypt while the key is still primary.
            WebBase64 cipherText = null;
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, keySetPath))
            using (var encrypter = new Encrypter(storedKeySet))
            {
                cipherText = encrypter.Encrypt(Input);
            }

            // Step 3: demote version 1 from Primary to Active and persist the change.
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, keySetPath))
            using (var mutableKeySet = new MutableKeySet(storedKeySet))
            using (var storageWriter = CreateNewStorageWriter(DefaultContainer, keySetPath))
            {
                var demotedStatus = mutableKeySet.Demote(1);
                Expect(demotedStatus, Is.EqualTo(KeyStatus.Active));

                var saved = mutableKeySet.Save(storageWriter);
                Expect(saved, Is.True);
            }

            // Step 4: the earlier cipher text must still decrypt to the original input.
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, keySetPath))
            using (var crypter = new Crypter(storedKeySet))
            {
                var plainText = crypter.Decrypt(cipherText);
                Expect(plainText, Is.EqualTo(Input));
            }
        }
Exemple #6
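        /// <summary>
        /// Encodes the buffered output and writes it to the console or to a new file.
        /// </summary>
        /// <param name="outstream">
        /// Must be a <see cref="MemoryStream"/>; it is cast directly, with no type check.
        /// </param>
        /// <param name="destination">
        /// Output file path. Null, empty or whitespace sends the output to the console instead.
        /// </param>
        /// <exception cref="Exception">
        /// Thrown when <paramref name="destination"/> already exists at the time of the check.
        /// </exception>
        /// <exception cref="IOException">
        /// Thrown when the file is created by someone else between the check and the open.
        /// </exception>
        private void EncodeData(Stream outstream, string destination)
        {
            var memstream = (MemoryStream)outstream;

            outstream.Flush();
            var rawOutput = memstream.ToArray();

            // JWT output is decoded as UTF-8 text; every other format is web-base64 encoded.
            var encodedOutput = _format != WireFormat.SignJwt
                ? WebBase64.FromBytes(rawOutput).ToString()
                : Encoding.UTF8.GetString(rawOutput);

            if (String.IsNullOrWhiteSpace(destination))
            {
                Console.Write(encodedOutput);
                return;
            }

            // Kept so the usual "already exists" case reports the same exception as before.
            if (File.Exists(destination))
            {
                throw new Exception("File already Exists!!");
            }

            // The check above is not atomic with the write: a file created at this path in
            // between would have been silently overwritten by File.WriteAllText.
            // FileMode.CreateNew makes "must not exist" part of the open itself, so that case
            // now fails with an IOException. UTF-8 without a BOM matches File.WriteAllText.
            var fileBytes = new UTF8Encoding(false).GetBytes(encodedOutput);
            using (var file = new FileStream(destination, FileMode.CreateNew, FileAccess.Write, FileShare.None))
            {
                file.Write(fileBytes, 0, fileBytes.Length);
            }
        }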
Exemple #7
        /// <summary>
        /// Checks that after a key set's only key is revoked and a fresh key set is written to
        /// the same path, new cipher text is tagged with the new key's id and not the old one.
        /// </summary>
        public void RevokeOverwrite()
        {
            var testPath = "revoke-override";

            // Step 1: create the original key set with a single primary key (version 1).
            using (var storageWriter = CreateNewStorageWriter(DefaultContainer, testPath))
            using (var newKeySet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = newKeySet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                var saved = newKeySet.Save(storageWriter);
                Expect(saved, Is.True);
            }

            // Step 2: encrypt with the original key and remember its key id.
            WebBase64 origCipherText = null;
            WebBase64 origKeyId      = null;
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var encrypter = new Encrypter(storedKeySet))
            {
                origCipherText = encrypter.Encrypt(Input);
                origKeyId      = WebBase64.FromBytes(storedKeySet.Metadata.Versions.First().KeyId);
            }

            // Step 3: walk version 1 through Primary -> Active -> Inactive, revoke it, and save.
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var mutableKeySet = new MutableKeySet(storedKeySet))
            using (var storageWriter = CreateNewStorageWriter(DefaultContainer, testPath))
            {
                var firstDemotion = mutableKeySet.Demote(1);
                Expect(firstDemotion, Is.EqualTo(KeyStatus.Active));

                var secondDemotion = mutableKeySet.Demote(1);
                Expect(secondDemotion, Is.EqualTo(KeyStatus.Inactive));

                var wasRevoked = mutableKeySet.Revoke(1);
                Expect(wasRevoked, Is.True);

                var saved = mutableKeySet.Save(storageWriter);
                Expect(saved, Is.True);
            }

            // Step 4: write a brand-new key set to the same path; its key is version 1 again.
            using (var storageWriter = CreateNewStorageWriter(DefaultContainer, testPath))
            using (var replacementKeySet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = replacementKeySet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                var saved = replacementKeySet.Save(storageWriter);
                Expect(saved, Is.True);
            }

            // Step 5: encrypt again, now with whatever key is stored at the path.
            WebBase64 newCipherText = null;
            using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var encrypter = new Encrypter(storedKeySet))
            {
                newCipherText = encrypter.Encrypt(Input);
            }

            // Step 6: the key hash embedded in the new cipher text must match the new key only.
            using (var storedKeySet = StorageKeySet.Create(GetClientCred(), DefaultContainer, testPath)())
            {
                var newKeyId = WebBase64.FromBytes(storedKeySet.Metadata.Versions.First().KeyId);

                // The hash is read from offset 1, skipping the first byte of the cipher text
                // (presumably a one-byte format header; confirm against the wire format).
                var embeddedKeyHash = new byte[KeyczarConst.KeyHashLength];
                Array.Copy(newCipherText.ToBytes(), 1, embeddedKeyHash, 0, embeddedKeyHash.Length);

                Expect(embeddedKeyHash, Is.Not.EqualTo(origKeyId.ToBytes()));
                Expect(embeddedKeyHash, Is.EqualTo(newKeyId.ToBytes()));
            }
        }
 /// <summary>
 /// Verifies a web-base64 signature over a string by delegating to the byte-array overload.
 /// </summary>
 /// <param name="rawData">
 /// The text to check; converted to bytes with <c>RawStringEncoding</c>, so it must be the
 /// same text, byte for byte under that encoding, as what was signed.
 /// </param>
 /// <param name="signature">The signature to check; decoded with <c>ToBytes</c>.</param>
 /// <returns>The result of the byte-array <c>Verify</c> overload for the converted inputs.</returns>
 public bool Verify(string rawData, WebBase64 signature)
 {
     var dataBytes      = RawStringEncoding.GetBytes(rawData);
     var signatureBytes = signature.ToBytes();

     return Verify(dataBytes, signatureBytes);
 }
Exemple #9
 /// <summary>
 /// Decrypts web-base64 encoded cipher text and returns the plain text as a string.
 /// </summary>
 /// <param name="data">The cipher text; decoded with <c>ToBytes</c> before decryption.</param>
 /// <returns>
 /// The output of the byte-array <c>Decrypt</c> overload, converted to a string with
 /// <c>RawStringEncoding</c>.
 /// </returns>
 public string Decrypt(WebBase64 data)
 {
     var cipherBytes = data.ToBytes();
     var plainBytes  = Decrypt(cipherBytes);

     return RawStringEncoding.GetString(plainBytes);
 }
Exemple #10
 /// <summary>
 /// Creates the <c>SessionCrypter</c> for a session, with or without the BSON key packer.
 /// </summary>
 /// <param name="crypter">Crypter handed to the <c>SessionCrypter</c> constructor.</param>
 /// <param name="session">Session material handed to the constructor.</param>
 /// <param name="unoffical">
 /// Acts as a switch only: a non-blank value selects <c>BsonSessionKeyPacker</c>, while
 /// null, empty or whitespace leaves the constructor's default key packer in place.
 /// </param>
 /// <returns>The new <c>SessionCrypter</c>.</returns>
 private SessionCrypter HelperSessionCrypter(Crypter crypter, WebBase64 session, string unoffical)
 {
     // A non-blank value opts in to the BSON packer.
     if (!String.IsNullOrWhiteSpace(unoffical))
     {
         return new SessionCrypter(crypter, session, keyPacker: new BsonSessionKeyPacker());
     }

     return new SessionCrypter(crypter, session);
 }
Exemple #11
        /// <summary>
        /// Encodes text as the web-base64 form of its UTF-8 bytes.
        /// </summary>
        /// <param name="jsontext">The text to encode; it is not parsed or validated as JSON here.</param>
        /// <returns>The string form of the <c>WebBase64</c> built from the UTF-8 bytes.</returns>
        internal static string EncodeToBase64(string jsontext)
        {
            var encoded = WebBase64.FromBytes(Encoding.UTF8.GetBytes(jsontext));

            return encoded.ToString();
        }