Exemple #1
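        /// <summary>
        /// Creates a vault row in the "PSAdminKeyVault" table together with a freshly
        /// generated 32-byte vault key.
        /// </summary>
        /// <param name="Id">Value stored in the "Id" column.</param>
        /// <param name="VaultName">Vault name; also used for the existence check.</param>
        /// <param name="Location">Value stored in the "Location" column.</param>
        /// <param name="VaultURI">Value stored in the "VaultURI" column.</param>
        /// <param name="SoftDeleteEnabled">Value stored in the "SoftDeleteEnabled" column.</param>
        /// <param name="Tags">Optional tags; stored as one ';'-joined string when not null.</param>
        /// <returns>
        /// <c>false</c> when <c>KeyVaultHelper.ItemExists</c> reports an existing vault,
        /// otherwise whatever <c>SQLiteDB.CreateRow</c> returns.
        /// </returns>
        public static bool NewItem(string Id, string VaultName, string Location, string VaultURI, bool SoftDeleteEnabled, string[] Tags)
        {
            if (KeyVaultHelper.ItemExists(null, VaultName, true))
            {
                return false;
            }

            // 256-bit key from the platform CSPRNG. The generator is IDisposable, so it is
            // released as soon as the buffer is filled instead of being left to the finalizer.
            byte[] VaultKey = new byte[32];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(VaultKey);
            }

            // NOTE(review): the key is handed to the row exactly as generated; this method
            // applies no wrapping, so at-rest protection of "VaultKey" depends on code
            // outside this method - confirm.
            Hashtable table = new Hashtable {
                {"Id",                  Id},
                {"VaultName",           VaultName },
                {"Location",            Location },
                {"VaultURI",            VaultURI },
                {"SoftDeleteEnabled",   SoftDeleteEnabled },
                {"VaultKey",            VaultKey}
            };

            if (Tags != null)
            {
                table.Add("Tags", String.Join(";", Tags));
            }

            return SQLiteDB.CreateRow("PSAdminKeyVault", table);
        }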
        // (string Id, string VaultName, string Name, string Version, string Enabled, Nullable<DateTime> Expires, Nullable<DateTime> NotBefore, Nullable<DateTime> Created, Nullable<DateTime> Updated, string ContentType, string[] Tags, string SecretValue)
        #region New
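        /// <summary>
        /// Creates a secret row in <c>TableName</c>. The secret value is converted with
        /// <c>Crypto.ConvertToKeyVaultSecret</c> under the key returned by
        /// <c>KeyVaultHelper.GetVaultKey</c> before it is stored.
        /// </summary>
        /// <param name="Id">Value stored in the "Id" column.</param>
        /// <param name="VaultName">Vault that owns the secret; its key protects the value.</param>
        /// <param name="Name">Secret name; used together with VaultName for the existence check.</param>
        /// <param name="Version">Value stored in the "Version" column.</param>
        /// <param name="Enabled">Value stored in the "Enabled" column.</param>
        /// <param name="Expires">Optional value stored in the "Expires" column.</param>
        /// <param name="NotBefore">Optional value stored in the "NotBefore" column.</param>
        /// <param name="ContentType">Value stored in the "ContentType" column.</param>
        /// <param name="Tags">Optional tags; stored as one ';'-joined string when not null.</param>
        /// <param name="SecretValue">Plaintext secret to protect and store.</param>
        /// <returns>
        /// <c>false</c> when <c>KeyVaultSecretHelper.ItemExists</c> reports an existing item,
        /// otherwise whatever <c>SQLiteDB.CreateRow</c> returns.
        /// </returns>
        public static bool NewItem(string Id, string VaultName, string Name, string Version, string Enabled, Nullable <DateTime> Expires, Nullable <DateTime> NotBefore, string ContentType, string[] Tags, string SecretValue)
        {
            if (KeyVaultSecretHelper.ItemExists(null, VaultName, Name, null, false, true))
            {
                return false;
            }

            // One clock read so that "Created" and "Updated" carry the same instant on a
            // new row; two separate reads can differ by a few ticks.
            DateTime now = DateTime.UtcNow;

            // The vault key is fetched only after the duplicate check, so no key material
            // is loaded for a request that is going to be rejected.
            byte[] Key = KeyVaultHelper.GetVaultKey(VaultName);

            Hashtable table = new Hashtable {
                { "Id", Id },
                { "VaultName", VaultName },
                { "Name", Name },
                { "Version", Version },
                { "Enabled", Enabled },
                { "Expires", Expires },
                { "NotBefore", NotBefore },
                { "Created", now },
                { "Updated", now },
                { "ContentType", ContentType },
                // Only the converted form of the secret goes into the row.
                { "SecretValue", Crypto.ConvertToKeyVaultSecret(SecretValue, Key) }
            };

            if (Tags != null)
            {
                table.Add("Tags", string.Join(";", Tags));
            }

            return SQLiteDB.CreateRow(TableName, table);
        }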
Exemple #3
        /// <summary>
        /// Throwing counterpart of the vault <c>NewItem</c>: failures surface as exceptions
        /// instead of a <c>false</c> return.
        /// </summary>
        /// <returns>Always <c>true</c>; every failure path throws.</returns>
        /// <exception cref="PSAdminException">
        /// Thrown with <c>PSAdminExceptionType.RowCreate</c> when <c>NewItem</c> returns false.
        /// </exception>
        internal static bool NewItemThrow(string Id, string VaultName, string Location, string VaultURI, bool SoftDeleteEnabled, string[] Tags)
        {
            // Presumably raises when the vault is already present (helper body not shown here).
            KeyVaultHelper.ThrowIfItemExists(null, VaultName, true);

            if (NewItem(Id, VaultName, Location, VaultURI, SoftDeleteEnabled, Tags))
            {
                return true;
            }

            throw new PSAdminException(PSAdminExceptionType.RowCreate);
        }
        /// <summary>
        /// Throwing counterpart of <c>SetItems</c>: a failed update surfaces as an exception
        /// instead of a <c>false</c> return.
        /// </summary>
        /// <returns>Always <c>true</c>; every failure path throws.</returns>
        /// <exception cref="PSAdminException">
        /// Thrown with <c>PSAdminExceptionType.RowUpdate</c> when <c>SetItems</c> returns false.
        /// </exception>
        public static bool SetItemsThrow(string Id, string VaultName, string Name, string Version, string Enabled, Nullable <DateTime> Expires, Nullable <DateTime> NotBefore, string ContentType, string[] Tags, string SecretValue, bool Exact)
        {
            // Result is discarded; the call is made for its throwing behaviour
            // (presumably raises when the vault cannot be found - confirm in the helper).
            KeyVaultHelper.GetItemThrow(null, VaultName, true);

            bool updated = SetItems(Id, VaultName, Name, Version, Enabled, Expires, NotBefore, ContentType, Tags, SecretValue, Exact);
            if (updated)
            {
                return true;
            }

            throw new PSAdminException(PSAdminExceptionType.RowUpdate);
        }
        /// <summary>
        /// Throwing counterpart of the secret <c>NewItem</c>: runs the vault and duplicate
        /// pre-checks, then turns a failed insert into an exception.
        /// </summary>
        /// <returns>Always <c>true</c>; every failure path throws.</returns>
        /// <exception cref="PSAdminException">
        /// Thrown with <c>PSAdminExceptionType.RowCreate</c> when <c>NewItem</c> returns false.
        /// </exception>
        public static bool NewItemThrow(string Id, string VaultName, string Name, string Version, string Enabled, Nullable <DateTime> Expires, Nullable <DateTime> NotBefore, string ContentType, string[] Tags, string SecretValue)
        {
            // Pre-checks, in this order: the vault first, then the secret itself.
            // Both helpers are expected to throw on violation (bodies not shown here).
            KeyVaultHelper.ThrowIfItemNotExists(null, VaultName, true);
            ThrowIfItemExists(null, VaultName, Name, null, false, true);

            bool created = NewItem(Id, VaultName, Name, Version, Enabled, Expires, NotBefore, ContentType, Tags, SecretValue);
            if (created)
            {
                return true;
            }

            throw new PSAdminException(PSAdminExceptionType.RowCreate);
        }
        /// <summary>
        /// Reads secret rows matching the given Id / VaultName / Name / Tags and converts
        /// each stored secret value into an in-memory form chosen by <paramref name="Decrypt"/>
        /// and the row's content type.
        /// </summary>
        /// <param name="Id">Filter value for the "Id" column.</param>
        /// <param name="VaultName">Filter value for the "VaultName" column.</param>
        /// <param name="Name">Filter value for the "Name" column.</param>
        /// <param name="Tags">Optional tag filter; always passed to <c>SQLiteDB.Filter</c> with its last argument false.</param>
        /// <param name="Decrypt">
        /// When true the value becomes a string (content type "txt") or a byte array (any
        /// other content type). When false the value is still converted with the vault key,
        /// but into a SecureString.
        /// </param>
        /// <param name="Exact">Forwarded to <c>SQLiteDB.Filter</c> for the Id / VaultName / Name filter.</param>
        /// <returns>The matching rows with <c>SecretValue</c> replaced as described.</returns>
        public static Data.KeyVaultSecret[] GetItems(string Id, string VaultName, string Name, string[] Tags, bool Decrypt, bool Exact)
        {
            Hashtable criteria = new Hashtable {
                { "Id", Id },
                { "VaultName", VaultName },
                { "Name", Name }
            };

            // NOTE(review): the WHERE text is produced by SQLiteDB.Filter; how caller-supplied
            // values are escaped or bound is decided there and is not visible from this method.
            string filter = SQLiteDB.Filter(criteria, Exact);
            string tagFilter = SQLiteDB.Filter("Tags", Tags, false);
            if (!String.IsNullOrEmpty(tagFilter))
            {
                filter = String.Format("{0} AND {1}", filter, tagFilter);
            }

            Data.KeyVaultSecret[] secrets = SQLiteDB.ConvertToType<Data.KeyVaultSecret[]>(SQLiteDB.GetRow(TableName, filter));

            for (int index = 0; index < secrets.Length; index++)
            {
                Data.KeyVaultSecret secret = secrets[index];

                //Todo: Remove Version Check
                // Rows with Version "-1" are returned with SecretValue left as loaded.
                if (secret.Version == "-1")
                {
                    continue;
                }

                // The vault key is looked up per row and in every branch below, including
                // the Decrypt == false path.
                byte[] Key = KeyVaultHelper.GetVaultKey(secret.VaultName);
                byte[] stored = (byte[])secret.SecretValue;

                if (!Decrypt)
                {
                    secret.SecretValue = Crypto.ConvertFromKeyVaultSecretAsSecureString(stored, Key);
                }
                else if (secret.ContentType == "txt")
                {
                    secret.SecretValue = Crypto.ConvertFromKeyVaultSecret(stored, Key);
                }
                else
                {
                    secret.SecretValue = Crypto.ConvertFromKeyVaultSecretAsBytes(stored, Key);
                }
            }

            return secrets;
        }
Exemple #7
        /// <summary>
        /// Returns the key used to protect secrets of the named vault.
        /// </summary>
        /// <remarks>
        /// Two storage modes are visible here. Without a certificate thumbprint on the vault
        /// row, the stored <c>VaultKey</c> bytes are returned unchanged, i.e. the row holds
        /// the usable key. With a thumbprint, the stored bytes are RSA-decrypted with the
        /// private key of the referenced certificate.
        /// </remarks>
        /// <param name="VaultName">Vault whose key is requested.</param>
        /// <returns>The vault key bytes.</returns>
        /// <exception cref="InvalidOperationException">
        /// The referenced certificate has no usable private key.
        /// </exception>
        internal static byte[] GetVaultKey(string VaultName)
        {
            Data.KeyVault vault = KeyVaultHelper.GetItemThrow(null, VaultName, true);

            if (!String.IsNullOrEmpty(vault.Thumbprint))
            {
                Data.KeyVaultCertificate certificateRow = KeyVaultCertificateHelper.GetItemThrow(null, VaultName, null, vault.Thumbprint, null, true, true);
                X509Certificate2 x509 = (X509Certificate2)certificateRow.Certificate;

                bool privateKeyUsable = x509.HasPrivateKey && (x509.PrivateKey != null);
                if (!privateKeyUsable)
                {
                    throw new InvalidOperationException("Certificate does not contain PrivateKey");
                }

                // Second argument true selects OAEP padding for the unwrap.
                // NOTE(review): the cast raises InvalidCastException for a private key that
                // is not an RSACryptoServiceProvider (for example a CNG-backed key) - confirm
                // which key providers must be supported.
                return ((RSACryptoServiceProvider)x509.PrivateKey).Decrypt(vault.VaultKey, true);
            }

            // No certificate bound to the vault: the stored bytes are the key itself.
            return vault.VaultKey;
        }
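        /// <summary>
        /// Updates the secret rows selected by Id / VaultName / Name with the supplied
        /// metadata and, when a new secret value is given, with its converted form.
        /// </summary>
        /// <param name="Id">Filter value for the "Id" column.</param>
        /// <param name="VaultName">Vault to look up; also a filter value.</param>
        /// <param name="Name">Filter value for the "Name" column.</param>
        /// <param name="Version">New value for the "Version" column.</param>
        /// <param name="Enabled">New value for the "Enabled" column.</param>
        /// <param name="Expires">New value for the "Expires" column.</param>
        /// <param name="NotBefore">New value for the "NotBefore" column.</param>
        /// <param name="ContentType">New value for the "ContentType" column.</param>
        /// <param name="Tags">Optional tags; stored as one ';'-joined string, or null when omitted.</param>
        /// <param name="SecretValue">New plaintext secret; null or empty passes a null "SecretValue" to the update.</param>
        /// <param name="Exact">Forwarded to <c>SQLiteDB.UpdateRow</c>.</param>
        /// <returns>
        /// <c>false</c> when the vault is not found, otherwise whatever
        /// <c>SQLiteDB.UpdateRow</c> returns.
        /// </returns>
        public static bool SetItems(string Id, string VaultName, string Name, string Version, string Enabled, Nullable <DateTime> Expires, Nullable <DateTime> NotBefore, string ContentType, string[] Tags, string SecretValue, bool Exact)
        {
            Data.KeyVault KeyVault = KeyVaultHelper.GetItem(null, VaultName, true);
            if (KeyVault == null)
            {
                return false;
            }

            // Load the vault key only when there is a secret to protect, so a metadata-only
            // update never brings key material into memory.
            byte[] SecretData = null;
            if (!String.IsNullOrEmpty(SecretValue))
            {
                byte[] Key = KeyVaultHelper.GetVaultKey(KeyVault.VaultName);
                SecretData = Crypto.ConvertToKeyVaultSecret(SecretValue, Key);
            }

            Hashtable filter = new Hashtable {
                { "Id", Id },
                { "VaultName", VaultName },
                { "Name", Name }
            };

            // "Tags" is written exactly once. Previously the key was placed in the
            // initializer and then added again for non-null Tags, and Hashtable.Add throws
            // ArgumentException on a duplicate key, so every update that carried tags failed.
            // A null entry is kept for null Tags, as before.
            Hashtable table = new Hashtable {
                { "Version", Version },
                { "Enabled", Enabled },
                { "Expires", Expires },
                { "NotBefore", NotBefore },
                { "ContentType", ContentType },
                { "Tags", Tags == null ? null : String.Join(";", Tags) },
                { "SecretValue", SecretData }
            };

            return SQLiteDB.UpdateRow(TableName, table, filter, Exact);
        }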