コード例 #1
0
        /// <summary>
        /// Encrypt SD data with exchange key.
        /// </summary>
        /// <param name="plaintextList"></param>
        /// <param name="cert">Exchange key</param>
        /// <returns></returns>
        public SecurityDomainRestoreData EncryptForRestore(PlaintextList plaintextList, X509Certificate2 cert)
        {
            try
            {
                SecurityDomainRestoreData securityDomainRestoreData = new SecurityDomainRestoreData();
                securityDomainRestoreData.EncData.kdf = "sp108_kdf";

                byte[] master_key = Utils.GetRandom(32);

                foreach (Plaintext p in plaintextList.list)
                {
                    Datum      datum   = new Datum();
                    HMACSHA512 hmac    = new HMACSHA512();
                    byte[]     enc_key = KDF.sp800_108(master_key, p.tag, "", hmac, 512);

                    datum.tag = p.tag;
                    JWE jwe = new JWE();
                    jwe.Encrypt(enc_key, p.plaintext, "A256CBC-HS512", p.tag);
                    datum.compact_jwe = jwe.EncodeCompact();
                    securityDomainRestoreData.EncData.data.Add(datum);
                }

                // Now go make the wrapped key
                JWE jwe_wrapped = new JWE();
                jwe_wrapped.Encrypt(cert, master_key);
                securityDomainRestoreData.WrappedKey.enc_key = jwe_wrapped.EncodeCompact();
                securityDomainRestoreData.WrappedKey.x5t_256 = Base64UrlEncoder.Encode(Utils.Sha256Thumbprint(cert));
                return(securityDomainRestoreData);
            }
            catch (Exception ex)
            {
                throw new Exception("Failed to encrypt security domain data for restoring.", ex);
            }
        }
コード例 #2
0
        /// <summary>
        /// Upload security domain data and initiate restoring.
        /// </summary>
        /// <param name="hsmName"></param>
        /// <param name="securityDomainData">Encrypted by exchange key</param>
        public void RestoreSecurityDomain(string hsmName, SecurityDomainRestoreData securityDomainData, CancellationToken cancellationToken)
        {
            string securityDomain = JsonConvert.SerializeObject(new SecurityDomainWrapper
            {
                value = JsonConvert.SerializeObject(securityDomainData)
            });

            try
            {
                var httpRequest = CreateRequest(HttpMethod.Post, hsmName, $"/{_securityDomain}/upload", new StringContent(securityDomain));
                PollAsyncOperation(httpRequest, cancellationToken);
            }
            catch (Exception ex)
            {
                throw new Exception(Resources.RestoreSecurityDomainFailure, ex);
            }
        }
コード例 #3
0
        /// <summary>
        /// Upload security domain data and initiate restoring.
        /// </summary>
        /// <param name="hsmName"></param>
        /// <param name="securityDomainData">Encrypted by exchange key</param>
        public void RestoreSecurityDomain(string hsmName, SecurityDomainRestoreData securityDomainData)
        {
            string securityDomain = JsonConvert.SerializeObject(new SecurityDomainWrapper
            {
                value = JsonConvert.SerializeObject(securityDomainData)
            });

            try
            {
                var httpRequest = new HttpRequestMessage
                {
                    Method     = HttpMethod.Post,
                    RequestUri = new UriBuilder(_uriHelper.CreateManagedHsmUri(hsmName))
                    {
                        Path = $"/{_securityDomainPathFragment}/upload"
                    }.Uri,
                    Content = new StringContent(securityDomain)
                };

                PrepareRequest(httpRequest);

                var httpResponseMessage = HttpClient.SendAsync(httpRequest).ConfigureAwait(false).GetAwaiter().GetResult();
                var responseBody        = httpResponseMessage.Content.ReadAsStringAsync().ConfigureAwait(false).GetAwaiter().GetResult();
                if (httpResponseMessage.IsSuccessStatusCode)
                {
                    if (string.IsNullOrEmpty(responseBody))
                    {
                        throw new Exception("Got empty response when restoring security domain.");
                    }
                }
                else
                {
                    throw new Exception($"Got {httpResponseMessage.StatusCode}, {responseBody}");
                }
            }
            catch (Exception ex)
            {
                throw new Exception(Resources.RestoreSecurityDomainFailure, ex);
            }
        }