public void GetAllElements_EmptyOrNonexistentDirectory_ReturnsEmptyCollection() { WithUniqueTempRegKey(regKey => { // Arrange var repository = new RegistryXmlRepository(regKey, NullLoggerFactory.Instance); // Act var allElements = repository.GetAllElements(); // Assert Assert.Equal(0, allElements.Count); }); }
public void RegistryKey_Property() { WithUniqueTempRegKey(regKey => { // Arrange var repository = new RegistryXmlRepository(regKey, NullLoggerFactory.Instance); // Act var retVal = repository.RegistryKey; // Assert Assert.Equal(regKey, retVal); }); }
public void StoreElements_ThenRetrieve_SeesAllElements() { WithUniqueTempRegKey(regKey => { // Arrange var repository = new RegistryXmlRepository(regKey, NullLoggerFactory.Instance); // Act repository.StoreElement(new XElement("element1"), friendlyName: null); repository.StoreElement(new XElement("element2"), friendlyName: null); repository.StoreElement(new XElement("element3"), friendlyName: null); var allElements = repository.GetAllElements(); // Assert var orderedNames = allElements.Select(el => el.Name.LocalName).OrderBy(name => name); Assert.Equal(new[] { "element1", "element2", "element3" }, orderedNames); }); }
/// <summary> /// https://github.com/dotnet/aspnetcore/blob/d8906c8523f071371ce95d4e2d2fdfa89858047e/src/DataProtection/DataProtection/src/KeyManagement/XmlKeyManager.cs#L105 /// </summary> /// <returns></returns> internal IXmlRepository GetFallbackKeyRepositoryEncryptorPair() { IXmlRepository key; var forAzureWebSites = DefaultKeyStorageDirectories.Instance.GetKeyStorageDirectoryForAzureWebSites(); if (forAzureWebSites != null) { key = new FileSystemXmlRepository(forAzureWebSites, this._loggerFactory); } else { var storageDirectory = DefaultKeyStorageDirectories.Instance.GetKeyStorageDirectory(); if (storageDirectory != null) { key = new FileSystemXmlRepository(storageDirectory, this._loggerFactory); } else { RegistryKey registryKey = null; if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { registryKey = RegistryXmlRepository.DefaultRegistryKey; } if (registryKey != null) { var defaultRegistryKey = RegistryXmlRepository.DefaultRegistryKey; key = new RegistryXmlRepository(defaultRegistryKey, this._loggerFactory); } else { throw new Exception( "Is not possible to determine which folder are the protection keys. NetDevPack.Security.JwtSigningCredentials.Store.FileSystem or NetDevPack.Security.JwtSigningCredentials.Store.EntityFrameworkCore"); } } } return(key); }
public void StoreElement_WithValidFriendlyName_UsesFriendlyName() { WithUniqueTempRegKey(regKey => { // Arrange var element = XElement.Parse("<element1 />"); var repository = new RegistryXmlRepository(regKey, NullLoggerFactory.Instance); // Act repository.StoreElement(element, "valid-friendly-name"); // Assert var valueNames = regKey.GetValueNames(); var valueName = valueNames.Single(); // only one value should've been created // value name should be "valid-friendly-name" Assert.Equal("valid-friendly-name", valueName, StringComparer.OrdinalIgnoreCase); // value contents should be "<element1 />" var parsedElement = XElement.Parse(regKey.GetValue(valueName) as string); XmlAssert.Equal("<element1 />", parsedElement); }); }
public void StoreElement_WithInvalidFriendlyName_CreatesNewGuidAsName(string friendlyName) { WithUniqueTempRegKey(regKey => { // Arrange var element = XElement.Parse("<element1 />"); var repository = new RegistryXmlRepository(regKey, NullLoggerFactory.Instance); // Act repository.StoreElement(element, friendlyName); // Assert var valueNames = regKey.GetValueNames(); var valueName = valueNames.Single(); // only one value should've been created // value name should be "{GUID}" Guid parsedGuid = Guid.Parse(valueName as string); Assert.NotEqual(Guid.Empty, parsedGuid); // value contents should be "<element1 />" var parsedElement = XElement.Parse(regKey.GetValue(valueName) as string); XmlAssert.Equal("<element1 />", parsedElement); }); }
internal KeyValuePair <IXmlRepository, IXmlEncryptor> GetFallbackKeyRepositoryEncryptorPair() { IXmlRepository repository = null; IXmlEncryptor encryptor = null; // If we're running in Azure Web Sites, the key repository goes in the %HOME% directory. var azureWebSitesKeysFolder = _keyStorageDirectories.GetKeyStorageDirectoryForAzureWebSites(); if (azureWebSitesKeysFolder != null) { _logger.UsingAzureAsKeyRepository(azureWebSitesKeysFolder.FullName); // Cloud DPAPI isn't yet available, so we don't encrypt keys at rest. // This isn't all that different than what Azure Web Sites does today, and we can always add this later. repository = new FileSystemXmlRepository(azureWebSitesKeysFolder, _loggerFactory); } else { // If the user profile is available, store keys in the user profile directory. var localAppDataKeysFolder = _keyStorageDirectories.GetKeyStorageDirectory(); if (localAppDataKeysFolder != null) { if (OSVersionUtil.IsWindows()) { Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows)); // Hint for the platform compatibility analyzer. // If the user profile is available, we can protect using DPAPI. // Probe to see if protecting to local user is available, and use it as the default if so. encryptor = new DpapiXmlEncryptor( protectToLocalMachine: !DpapiSecretSerializerHelper.CanProtectToCurrentUserAccount(), loggerFactory: _loggerFactory); } repository = new FileSystemXmlRepository(localAppDataKeysFolder, _loggerFactory); if (encryptor != null) { _logger.UsingProfileAsKeyRepositoryWithDPAPI(localAppDataKeysFolder.FullName); } else { _logger.UsingProfileAsKeyRepository(localAppDataKeysFolder.FullName); } } else { // Use profile isn't available - can we use the HKLM registry? RegistryKey regKeyStorageKey = null; if (OSVersionUtil.IsWindows()) { Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows)); // Hint for the platform compatibility analyzer. regKeyStorageKey = RegistryXmlRepository.DefaultRegistryKey; } if (regKeyStorageKey != null) { Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows)); // Hint for the platform compatibility analyzer. regKeyStorageKey = RegistryXmlRepository.DefaultRegistryKey; // If the user profile isn't available, we can protect using DPAPI (to machine). encryptor = new DpapiXmlEncryptor(protectToLocalMachine: true, loggerFactory: _loggerFactory); repository = new RegistryXmlRepository(regKeyStorageKey, _loggerFactory); _logger.UsingRegistryAsKeyRepositoryWithDPAPI(regKeyStorageKey.Name); } else { // Final fallback - use an ephemeral repository since we don't know where else to go. // This can only be used for development scenarios. repository = new EphemeralXmlRepository(_loggerFactory); _logger.UsingEphemeralKeyRepository(); } } } return(new KeyValuePair <IXmlRepository, IXmlEncryptor>(repository, encryptor)); }
private static IEnumerable <IServiceDescriptor> GetDefaultServicesWindows(ServiceDescriber describe) { List <ServiceDescriptor> descriptors = new List <ServiceDescriptor>(); // Are we running in Azure Web Sites? DirectoryInfo azureWebSitesKeysFolder = TryGetKeysFolderForAzureWebSites(); if (azureWebSitesKeysFolder != null) { // We'll use a null protector at the moment until the // cloud DPAPI service comes online. descriptors.AddRange(new[] { describe.Singleton <IXmlEncryptor, NullXmlEncryptor>(), describe.Instance <IXmlRepository>(new FileSystemXmlRepository(azureWebSitesKeysFolder)) }); } else { // Are we running with the user profile loaded? DirectoryInfo localAppDataKeysFolder = TryGetLocalAppDataKeysFolderForUser(); if (localAppDataKeysFolder != null) { descriptors.AddRange(new[] { describe.Instance <IXmlEncryptor>(new DpapiXmlEncryptor(protectToLocalMachine: false)), describe.Instance <IXmlRepository>(new FileSystemXmlRepository(localAppDataKeysFolder)) }); } else { // If we've reached this point, we have no user profile loaded. RegistryXmlRepository hklmRegXmlRepository = RegistryXmlRepository.GetDefaultRepositoryForHKLMRegistry(); if (hklmRegXmlRepository != null) { // Have WAS and IIS created an auto-gen key folder in the HKLM registry for us? // If so, use it as the repository, and use DPAPI as the key protection mechanism. // We use same-machine DPAPI since we already know no user profile is loaded. descriptors.AddRange(new[] { describe.Instance <IXmlEncryptor>(new DpapiXmlEncryptor(protectToLocalMachine: true)), describe.Instance <IXmlRepository>(hklmRegXmlRepository) }); } else { // Fall back to DPAPI for now return(new[] { describe.Instance <IDataProtectionProvider>(new DpapiDataProtectionProvider(DataProtectionScope.LocalMachine)) }); } } } // We use CNG CBC + HMAC by default. descriptors.AddRange(new[] { describe.Singleton <IAuthenticatedEncryptorConfigurationFactory, CngCbcAuthenticatedEncryptorConfigurationFactory>(), describe.Singleton <ITypeActivator, TypeActivator>(), describe.Singleton <IKeyManager, XmlKeyManager>(), describe.Singleton <IDataProtectionProvider, DefaultDataProtectionProvider>() }); return(descriptors); }