public override ValidationResult Validate(SecretDecryptionContext decryptionContext, string validationData, ClaimsPrincipal principal)
{
var emailData = DeserializeData <UserEmailValidationData>(validationData);
if (emailData.MustLogin)
{
if (principal == null || !principal.Identity.IsAuthenticated)
{
_logger.LogDebug($"User is not authorized");
return(new ValidationResult(false)
{
Error = "User is not authenticated",
ValidationPointOfFailure = this.Name
});
}
var userEmail = principal.FindFirst(ClaimTypes.Email)?.Value;
if (userEmail == emailData.Email)
{
return(ValidationResult.SuccessResult);
}
else
{
_logger.LogDebug($"Authenticated user {userEmail} did not match {emailData.Email}");
return(new ValidationResult(false)
{
Error = "Authenticated user does not match target user",
ValidationPointOfFailure = this.Name
});
}
}
return(ValidationResult.SuccessResult);
}
public virtual ValidationResult Validate(SecretDecryptionContext secretContext, ClaimsPrincipal principal, ValidationStage stage)
{
_secretContext = secretContext;
_principal = principal;
foreach (var rule in _secretContext.Secret.SecretValidationRules)
{
var result = ValidateRule(rule, stage);
if (!result.IsValid)
{
return(result);
}
}
return(ValidationResult.SuccessResult);
}
public override ValidationResult Validate(SecretDecryptionContext decryptionContext, string validationData, ClaimsPrincipal principal)
{
var expiryData = DeserializeData <ExpiryValidationData>(validationData);
var isValid = !expiryData.Expiry.HasValue || DateTime.Now < expiryData.Expiry;
_logger.LogDebug($"Validating expiry: {isValid}");
if (isValid)
{
return(ValidationResult.SuccessResult);
}
else
{
return(new ValidationResult(false)
{
Error = "Secret expired",
ValidationPointOfFailure = this.Name
});
}
}
public override ValidationResult Validate(SecretDecryptionContext decryptionContext, string validationData, ClaimsPrincipal principal)
{
var passphraseData = DeserializeData <PassphraseValidationData>(validationData);
var userSuppliedPassphrase = decryptionContext.GetInput(UserInputConstants.Passphrase);
if (string.IsNullOrEmpty(userSuppliedPassphrase))
{
return(ValidationResult.SuccessResult);
}
switch (passphraseData.Algorithm)
{
case PassphraseAlgorithm.Pbkdf2Sha1:
default:
decryptionContext.DecryptionKeys.Clear();
decryptionContext.DecryptionKeys.Add(GetEncryptionKey(userSuppliedPassphrase, passphraseData));
_logger.LogDebug($"Using passphrase {userSuppliedPassphrase} to set encryption key to {decryptionContext.EncryptionKey}");
return(ValidationResult.SuccessResult);
}
}
public override ValidationResult Validate(SecretDecryptionContext decryptionContext, string validationData, ClaimsPrincipal principal)
{
var ipData = DeserializeData <UserIpValidationData>(validationData);
string ipAddress = decryptionContext.GetInput(UserInputConstants.IpAddress);
if (string.IsNullOrEmpty(ipData.IpRegex) || string.IsNullOrEmpty(ipAddress))
{
return(ValidationResult.SuccessResult);
}
if (!Regex.IsMatch(ipAddress, ipData.IpRegex))
{
_logger.LogDebug($"IP address {ipAddress} did not match pattern {ipData.IpRegex}");
return(new ValidationResult(false)
{
Error = "User IP does not match expected pattern",
ValidationPointOfFailure = this.Name
});
}
return(ValidationResult.SuccessResult);
}
public virtual ValidationResult Validate(SecretDecryptionContext secret, string validationData, ClaimsPrincipal principal)
{
throw new NotImplementedException("Rule validation not implemented");
}