/// <summary>
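        /// Creates the content key record for a configuration encryption key, with the key encrypted to the given certificate.
        /// </summary>
        /// <param name="configEncryption">The configuration encryption object whose key is being stored.</param>
        /// <param name="cert">The X.509 certificate the content key is encrypted to; its thumbprint is recorded as the protection key id.</param>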
        /// <returns>The content key.</returns>
        internal static ContentKeyData CreateConfigurationContentKey(ConfigurationEncryption configEncryption, X509Certificate2 cert)
        {
            // Encrypt the configuration key to the certificate first; only this
            // encrypted form is placed on the record (base64-encoded below).
            byte[] wrappedKey = configEncryption.EncryptContentKeyToCertificate(cert);

            ContentKeyData keyRecord = new ContentKeyData();
            keyRecord.Id = configEncryption.GetKeyIdentifierAsString();
            keyRecord.EncryptedContentKey = Convert.ToBase64String(wrappedKey);
            keyRecord.ContentKeyType = (int)ContentKeyType.ConfigurationEncryption;

            // The thumbprint records which certificate the key was encrypted to,
            // so the matching certificate can be located when the key is needed again.
            keyRecord.ProtectionKeyId = cert.Thumbprint;
            keyRecord.ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint;

            // NOTE(review): presumably the checksum lets a recovered key be verified
            // against the original; how it is derived is not visible here - confirm.
            keyRecord.Checksum = configEncryption.GetChecksum();

            return keyRecord;
        }
        /// <summary>
        /// Encrypts the configuration of a task template in place and queues a content key
        /// record, holding the encryption key encrypted to a certificate, on the data context.
        /// </summary>
        /// <param name="taskTemplate">The task template whose configuration is replaced with its encrypted form.</param>
        /// <param name="certToUse">The certificate to encrypt the key to; when null it is looked up and handed back to the caller.</param>
        /// <param name="dataContext">The data context that receives the new content key record.</param>
        private void ProtectTaskConfiguration(TaskTemplateData taskTemplate, ref X509Certificate2 certToUse, IMediaDataServiceContext dataContext)
        {
            using (ConfigurationEncryption encryptor = new ConfigurationEncryption())
            {
                // Replace the configuration with its encrypted form and stamp the template
                // with everything needed to find the key and decrypt later.
                // NOTE(review): the template is overwritten before the certificate lookup and
                // key-record creation below; if either throws, the template keeps encrypted
                // text whose key record was never added - confirm callers discard it on failure.
                taskTemplate.Configuration = encryptor.Encrypt(taskTemplate.Configuration);
                taskTemplate.EncryptionKeyId = encryptor.GetKeyIdentifierAsString();
                taskTemplate.EncryptionScheme = ConfigurationEncryption.SchemeName;
                taskTemplate.EncryptionVersion = ConfigurationEncryption.SchemeVersion;
                taskTemplate.InitializationVector = encryptor.GetInitializationVectorAsString();

                // Look the certificate up only when the caller did not supply one; the ref
                // parameter hands it back (presumably so later calls can reuse it).
                if (certToUse == null)
                {
                    certToUse = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(GetMediaContext(), ContentKeyType.ConfigurationEncryption);
                }

                // The record carries the key encrypted to the certificate.
                // NOTE(review): when the added record is actually saved is not visible here.
                ContentKeyData keyRecord = ContentKeyBaseCollection.InitializeConfigurationContentKey(encryptor, certToUse);
                dataContext.AddObject(ContentKeyBaseCollection.ContentKeySet, keyRecord);
            }
        }
        /// <summary>
        /// Decrypts the configuration string.
        /// </summary>
        /// <param name="cloudMediaContext">The cloud media context.</param>
        /// <param name="encryptionKeyId">The encryption key id.</param>
        /// <param name="initializationVector">The initialization vector.</param>
        /// <param name="encryptedConfiguration">The encrypted configuration.</param>
        /// <returns>The decrypted configuration.</returns>
        internal static string DecryptConfigurationString(CloudMediaContext cloudMediaContext, string encryptionKeyId, string initializationVector, string encryptedConfiguration)
        {
            // Reject missing inputs before any key material is requested.
            if (cloudMediaContext == null)
            {
                throw new ArgumentNullException("cloudMediaContext");
            }

            if (string.IsNullOrEmpty(encryptionKeyId))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encryption key identifier"), "encryptionKeyId");
            }

            if (string.IsNullOrEmpty(initializationVector))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "initialization vector"), "initializationVector");
            }

            if (string.IsNullOrEmpty(encryptedConfiguration))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encrypted configuration"), "encryptedConfiguration");
            }

            Guid keyGuid = EncryptionUtils.GetKeyIdAsGuid(encryptionKeyId);

            // The initialization vector arrives base64-encoded.
            byte[] ivBytes = Convert.FromBase64String(initializationVector);

            // The key is looked up by its string id; Single() is expected to fail unless
            // exactly one key matches.
            IContentKey keyEntry = cloudMediaContext.ContentKeys.Where(key => key.Id == encryptionKeyId).Single();

            // NOTE(review): the clear key bytes stay in this array after the method returns;
            // whether ConfigurationEncryption copies or wipes them is not visible here - confirm
            // before adding any clearing, since the array may be shared with the key object.
            byte[] clearKey = keyEntry.GetClearKeyValue();

            // NOTE(review): integrity checking of encryptedConfiguration is not visible here -
            // confirm the scheme detects tampering before callers trust the returned text.
            using (ConfigurationEncryption decryptor = new ConfigurationEncryption(keyGuid, clearKey, ivBytes))
            {
                // The return value is the decrypted configuration in the clear.
                return decryptor.Decrypt(encryptedConfiguration);
            }
        }
        /// <summary>
        /// Decrypts the configuration string.
        /// </summary>
        /// <param name="cloudMediaContext">The cloud media context.</param>
        /// <param name="encryptionKeyId">The encryption key id.</param>
        /// <param name="initializationVector">The initialization vector.</param>
        /// <param name="encryptedConfiguration">The encrypted configuration.</param>
        /// <returns>The decrypted configuration.</returns>
        internal static string DecryptConfigurationString(MediaContextBase cloudMediaContext, string encryptionKeyId, string initializationVector, string encryptedConfiguration)
        {
            // Validate every argument before any key material is fetched.
            if (cloudMediaContext == null)
            {
                throw new ArgumentNullException("cloudMediaContext");
            }

            if (string.IsNullOrEmpty(encryptionKeyId))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encryption key identifier"), "encryptionKeyId");
            }

            if (string.IsNullOrEmpty(initializationVector))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "initialization vector"), "initializationVector");
            }

            if (string.IsNullOrEmpty(encryptedConfiguration))
            {
                throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encrypted configuration"), "encryptedConfiguration");
            }

            Guid parsedKeyId = EncryptionUtils.GetKeyIdAsGuid(encryptionKeyId);

            // Base64 text in, raw initialization vector bytes out.
            byte[] rawIv = Convert.FromBase64String(initializationVector);

            // Lookup is by the string id; Single() is expected to fail unless exactly one
            // content key matches.
            IContentKey matchingKey = cloudMediaContext.ContentKeys.Where(key => key.Id == encryptionKeyId).Single();

            // NOTE(review): this array holds the key in the clear and is not wiped here;
            // whether ConfigurationEncryption copies or clears it is not visible - confirm
            // ownership before adding any clearing, as the array may be shared.
            byte[] keyBytes = matchingKey.GetClearKeyValue();

            // NOTE(review): tamper detection for encryptedConfiguration is not visible here -
            // confirm the scheme provides it before callers trust the returned text.
            using (ConfigurationEncryption decryptor = new ConfigurationEncryption(parsedKeyId, keyBytes, rawIv))
            {
                // The result is the configuration in the clear.
                return decryptor.Decrypt(encryptedConfiguration);
            }
        }
        /// <summary>
        /// Encrypts the configuration of a task template in place and queues a content key
        /// record, holding the encryption key encrypted to a certificate, on the data context.
        /// </summary>
        /// <param name="taskTemplate">The task template whose configuration is replaced with its encrypted form.</param>
        /// <param name="certToUse">The certificate to encrypt the key to; when null it is looked up through <paramref name="dataContext"/> and handed back to the caller.</param>
        /// <param name="dataContext">The data context used for the certificate lookup and to receive the new content key record.</param>
        private static void ProtectTaskConfiguration(TaskTemplateData taskTemplate, ref X509Certificate2 certToUse, DataServiceContext dataContext)
        {
            using (ConfigurationEncryption encryptor = new ConfigurationEncryption())
            {
                // Swap the configuration for its encrypted form, then record the key id,
                // scheme, version and initialization vector needed to decrypt it later.
                // NOTE(review): the template is overwritten before the certificate lookup and
                // key-record creation below; if either throws, the template keeps encrypted
                // text whose key record was never added - confirm callers discard it on failure.
                taskTemplate.Configuration = encryptor.Encrypt(taskTemplate.Configuration);
                taskTemplate.EncryptionKeyId = encryptor.GetKeyIdentifierAsString();
                taskTemplate.EncryptionScheme = ConfigurationEncryption.SchemeName;
                taskTemplate.EncryptionVersion = ConfigurationEncryption.SchemeVersion;
                taskTemplate.InitializationVector = encryptor.GetInitializationVectorAsString();

                // Fetch a certificate only when none was supplied; the ref parameter returns
                // it to the caller (presumably so later calls can reuse it).
                if (certToUse == null)
                {
                    certToUse = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(dataContext, ContentKeyType.ConfigurationEncryption);
                }

                // The record carries the key encrypted to the certificate. AddObject only
                // registers it with the context; saving is left to code outside this method.
                ContentKeyData keyRecord = ContentKeyBaseCollection.CreateConfigurationContentKey(encryptor, certToUse);
                dataContext.AddObject(ContentKeyCollection.ContentKeySet, keyRecord);
            }
        }