internal string Dump(int index, X509Alias Alias)
{
StringBuilder sb = new StringBuilder($"Secret #{index + 1}\r\nName: {Key}\r\n");
sb.AppendLine($"Value: {Reveal(Alias)}\r\n");
return(sb.ToString());
}
/// <summary>
/// Lists the thumbprint value for all encryption certificates which exist in the specified store location. Certificates which do not have the "Key Encipherment" key usage flag set are not included in the list.
/// </summary>
/// <param name="Context">The X509Context from which to list certificates</param>
/// <param name="includeExpired">If true, expired certificates will be included in the resulting list</param>
/// <returns>Line-break-separated list of certificate details</returns>
public static string ListCerts(X509Context Context, bool includeExpired = false)
{
StringBuilder expression = new StringBuilder($"Key Encipherment certificates found in {Context.Name} context:\r\n\r\n");
bool firstAdded = false;
List <X509Alias> Aliases = Context.GetAliases();
X509Alias AssignedAlias = null;
string assignedAliasName = string.Empty;
X509Store Store = new X509Store(Context.Location);
Store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 cert in Store.Certificates)
{
if (IsUsable(cert, includeExpired))
{
if (!firstAdded)
{
expression.AppendLine(ListCertFormat.HeaderRow);
firstAdded = true;
}
AssignedAlias = Aliases.FirstOrDefault(p => p.Thumbprint.Matches(cert.Thumbprint));
assignedAliasName = AssignedAlias == null ? Constants.NoAliasAssigned : AssignedAlias.Name;
expression.AppendLine($"{cert.Thumbprint.LeftAlign(Padding.Thumbprint)} {assignedAliasName.LeftAlign(Padding.Assigned_Alias)} {cert.NotAfter.ToString(Constants.DateFormat)}");
}
}
if (!firstAdded)
{
expression.AppendLine(@"None.");
}
return(expression.ToString());
}
private void DecodeFromFile(string importPath = "", string newName = "")
{
string fileToDecode = string.IsNullOrEmpty(importPath) ? StoragePath : importPath;
try
{
X509Alias tmp = new X509Alias(Context);
var Serializer = new DataContractJsonSerializer(GetType());
string json = File.ReadAllText(fileToDecode).Base64Decode();
using (MemoryStream MemStream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
{
tmp = Serializer.ReadObject(MemStream) as X509Alias;
MemStream.Close();
}
Name = string.IsNullOrEmpty(newName) ? tmp.Name : newName;
Thumbprint = tmp.Thumbprint;
Secrets = tmp.Secrets;
if (null != tmp.CertificateBlob)
{
ImportCertKeyBase64(tmp.CertificateBlob);
}
}
catch (Exception ex)
{
throw new X509CryptoException($"Unable to load X509Alias from path \"{fileToDecode}\"", ex);
}
}
public static bool AddSecret(string secretName, string ciphertext, X509Alias Alias)
{
bool secretAdded = false;
KeyValuePair <string, string> tuple = new KeyValuePair <string, string>(secretName, ciphertext);
try
{
Alias.AddSecret(tuple, AllowSecretOverwrite.No);
secretAdded = true;
}
catch (X509SecretAlreadyExistsException ex)
{
if (Util.WarnConfirm(ex.Message, Constants.Affirm))
{
Alias.AddSecret(tuple, AllowSecretOverwrite.Yes);
secretAdded = true;
}
}
if (secretAdded)
{
Alias.Commit();
Console.WriteLine($"\r\nSecret {secretName} has been added to {nameof(X509Alias)} {Alias.Name} in the {Alias.Context.Name} {nameof(X509Context)}\r\n");
}
return(secretAdded);
}
internal string Reveal(X509Alias Alias)
{
try
{
using (X509CryptoAgent Agent = new X509CryptoAgent(Alias))
{
return(Agent.DecryptText(Value));
}
}
catch (Exception ex)
{
throw new X509CryptoException($"Could not decrypt secret named \"{Key}\" in Alias \"{Alias.Name}\"", ex);
}
}
/// <summary>
/// Imports the X509Alias from the specified Json file
/// Note: This method does not import the encryption certificate or its associated key pair needed to work with the X509Alias.
/// </summary>
/// <param name="importPath">The path where the json file is located</param>
/// <param name="Context">The X509Context in which to load the alias</param>
/// <param name="newName">If specified, the alias will be identified by the specified expression. Otherwise, the alias name imported from the json file will be used.</param>
/// <returns></returns>
public static X509Alias Import(string importPath, X509Context Context, string newName = "")
{
if (!File.Exists(importPath))
{
throw new FileNotFoundException(importPath);
}
try
{
X509Alias Alias = new X509Alias(Context);
Alias.DecodeFromFile(importPath, newName);
return(Alias);
}
catch (Exception ex)
{
throw new X509CryptoException($"Unable to import X509Alias from path {importPath}", ex);
}
}
internal X509Secret(X509Alias Alias, string key, string value)
{
string cipherText;
try
{
Key = key;
using (X509CryptoAgent Agent = new X509CryptoAgent(Alias))
{
cipherText = Agent.EncryptText(value);
}
Value = cipherText;
}
catch (Exception ex)
{
throw new X509CryptoException($"Could not encrypt new secret named \"{key}\" in alias \"{Alias.Name}\"", ex);
}
}
/// <summary>
/// Lists all aliases that are found in the specified X509Context
/// </summary>
/// <param name="Context">The X509Context from which to list existing aliases</param>
/// <returns>Line-break-separated list of X509Alias details</returns>
public static string ListAliases(X509Context Context)
{
StringBuilder expression = new StringBuilder($"X509Aliases found in the {Context.Name} context:\r\n\r\n");
bool firstAdded = false;
Dictionary <string, X509Certificate2> Aliases = X509Alias.GetAll(Context);
foreach (KeyValuePair <string, X509Certificate2> Alias in Aliases)
{
if (!firstAdded)
{
expression.AppendLine(ListAliasFormat.HeaderRow);
firstAdded = true;
}
expression.AppendLine($"{Alias.Key.LeftAlign(Padding.Alias)} {Alias.Value.Thumbprint.LeftAlign(Padding.Thumbprint)} {Alias.Value.NotAfter.ToString(Constants.DateFormat)}");
}
if (!firstAdded)
{
expression.AppendLine(@"None.");
}
return(expression.ToString());
}
internal static Dictionary <string, X509Certificate2> GetAll(X509Context Context)
{
Dictionary <string, X509Certificate2> Aliases = new Dictionary <string, X509Certificate2>();
X509Certificate2Collection CertStore = GetCertificates(Context);
X509Alias CurrentAlias;
foreach (string aliasName in Context.GetAliasNames())
{
CurrentAlias = new X509Alias(aliasName, Context);
if (X509CryptoAgent.CertificateExists(CurrentAlias.Thumbprint, Context))
{
foreach (X509Certificate2 Cert in CertStore)
{
if (Cert.Thumbprint.Matches(CurrentAlias.Thumbprint))
{
Aliases.Add(aliasName, Cert);
break;
}
}
}
}
return(Aliases);
}
/// <summary>
/// Returns the collection of all <see cref="X509Alias"/>es found in this context
/// </summary>
/// <returns>the collection of all <see cref="X509Alias"/>es found in this context</returns>
public List <X509Alias> GetAliases(bool includeIfCertNotFound = true)
{
List <X509Alias> Aliases = new List <X509Alias>();
List <string> AliasNames = GetAliasNames();
foreach (string name in AliasNames)
{
try
{
X509Alias Alias = new X509Alias(name, this);
if (!includeIfCertNotFound)
{
_ = Alias.Certificate;
}
Aliases.Add(Alias);
}
catch
{
//Do not incude invalid aliases
}
}
return(Aliases);
}
internal void ReEncrypt(X509Alias Alias, string newThumbprint, X509Context newContext)
{
string newValue = X509Utils.ReEncryptText(Alias.Thumbprint, newThumbprint, Value, Alias.Context, newContext);
Value = newValue;
}
internal string DumpCSV(int index, X509Alias Alias)
{
return($"{index + 1},{Key},\"{Reveal(Alias)}\"");
}
/// <summary>
/// Instantiates an X509AliasAlreadyExistsException
/// </summary>
/// <param name="Alias">The X509Alias that already exists</param>
public X509AliasAlreadyExistsException(X509Alias Alias)
: base($"An X509Alias named \"{Alias.Name}\" already exists in the {Alias.Context.Name} context.")
{
}
internal X509SecretAlreadyExistsException(X509Alias Alias, X509Secret Secret)
: base($"An X509Secret with identifier \"{Secret.Key}\" already exists in the \"{Alias.Name}\" alias.")
{
}
/// <summary>
/// Re-encrypts the specified file using this X509Alias
/// </summary>
/// <param name="inFile">The path to the ciphertext file to re-encrypt</param>
/// <param name="OldAlias">The X509Alias which was previously used to encrypt the file</param>
public void ReEncryptFile(string inFile, X509Alias OldAlias)
{
X509Utils.ReEncryptFile(OldAlias, this, inFile);
}
/// <summary>
/// Re-encrypts an encrypted file using a different
/// </summary>
/// <param name="OldAlias">The old X509Alias that was originally used to encrypt the file</param>
/// <param name="NewAlias">The new X509Alias that will be used to re-encrypt the file</param>
/// <param name="ciphertextFilePath">The path to the ciphertext file to be re-encrypted</param>
public static void ReEncryptFile(X509Alias OldAlias, X509Alias NewAlias, string ciphertextFilePath)
{
ReEncryptFile(OldAlias.Thumbprint, NewAlias.Thumbprint, ciphertextFilePath, OldAlias.Context, NewAlias.Context);
}
/// <summary>
/// Re-Encrypts a secret that is stored in a different X509Alias
/// </summary>
/// <param name="secretName">The identifier of the secret to be re-encrypted</param>
/// <param name="OldAlias">The X509Alias where the secret is stored</param>
/// <returns>A Base64-encoded ciphtertext string</returns>
public string ReEncryptSecret(string secretName, X509Alias OldAlias)
{
string plaintext = OldAlias.RecoverSecret(secretName);
return(EncryptText(plaintext));
}
/// <summary>
/// Re-Encrypts a ciphertext expression, currently encrypted in a different X509Alias, using this X509Alias
/// </summary>
/// <param name="ciphertext">The ciphertext expression to be reencrypted</param>
/// <param name="OldAlias">The identifier of the X509Alias where the input secret is located</param>
/// <returns>A Bas64-encoded ciphertext string</returns>
public string ReEncryptText(string ciphertext, X509Alias OldAlias)
{
string plaintext = OldAlias.DecryptText(ciphertext);
return(EncryptText(plaintext));
}
/// <summary>
/// Indicates whether the encryption certificate referenced by the specified X509Alias exists in the alias context.
/// </summary>
/// <param name="Alias">The X509Alias to check for encryption certificate existence</param>
/// <returns>true if the encryption certificate referenced in the X509Alias exists in the alias context</returns>
public static bool CertificateExists(X509Alias Alias)
{
return(CertificateExists(Alias.Thumbprint, Alias.Context));
}
internal X509CryptoAgent(X509Alias Alias)
: this(Alias.Thumbprint, Alias.Context)
{
}
public X509AliasNotFoundException(X509Alias Alias)
: base($"No {nameof(X509Alias)} by the name {Alias.Name} exists in the {Alias.Context.Name} context")
{
}
/// <summary>
/// Indicates whether there is already a storage path for the specified X509Alias on the system
/// </summary>
/// <param name="Alias">The X509Alias for which to check for a storage path</param>
/// <returns>true if a storage path exists for the specified X509Alias</returns>
public static bool AliasExists(X509Alias Alias)
{
return(File.Exists(Alias.StoragePath));
}
/// <summary>
/// Re-encrypts a secret from a different X509Alias and stores it in this X509Alias
/// </summary>
/// <param name="key">The identifier of the secret as it is stored in the old X509Alias</param>
/// <param name="OldAlias">The old X509Alias where the secret is currently encrypted and stored</param>
/// <param name="overwriteExisting">If true, an existing secret in this X509Alias with the same identifier may be overwritten</param>
/// <returns>A Base64-encoded ciphertext expression</returns>
public string AddSecret(string key, X509Alias OldAlias, bool overwriteExisting)
{
return(AddSecret(key, OldAlias.RecoverSecret(key), overwriteExisting));
}