예제 #1
0
파일: KeyService.cs 프로젝트: denjamal/HMSD
        public void RotateEncryptionKey()
        {
            var dateTimeNow = DateTime.UtcNow;

            _keyManager.RevokeAllKeys(dateTimeNow, "manual rotating");
            _keyManager.CreateNewKey(dateTimeNow, dateTimeNow
                                     .AddDays(30));
        }
        public IActionResult CreateNewKey()
        {
            //Create a new key that will be valid for 30 days
            _keyManager.CreateNewKey(
                activationDate: DateTimeOffset.Now,
                expirationDate: DateTimeOffset.Now.AddSeconds(30));

            return(RedirectToAction("Index"));
        }
예제 #3
0
        public void PersistPassword(string key, string toEncrypt)
        {
            var securityKey = _keyManager.GetAllKeys().FirstOrDefault()
                              ?? _keyManager.CreateNewKey(DateTimeOffset.UtcNow, DateTimeOffset.MaxValue);

            var bytes = Encoding.UTF8.GetBytes(toEncrypt);

            var result = securityKey.CreateEncryptor().Encrypt(new ArraySegment <byte>(bytes), new ArraySegment <byte>(new byte[] {}));

            _passwordStorage.Save(key, result);
        }
예제 #4
0
        private CacheableKeyRing CreateCacheableKeyRingCore(DateTimeOffset now, IKey?keyJustAdded)
        {
            // Refresh the list of all keys
            var cacheExpirationToken = _keyManager.GetCacheExpirationToken();
            var allKeys = _keyManager.GetAllKeys();

            // Fetch the current default key from the list of all keys
            var defaultKeyPolicy = _defaultKeyResolver.ResolveDefaultKeyPolicy(now, allKeys);

            if (!defaultKeyPolicy.ShouldGenerateNewKey)
            {
                CryptoUtil.Assert(defaultKeyPolicy.DefaultKey != null, "Expected to see a default key.");
                return(CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, defaultKeyPolicy.DefaultKey, allKeys));
            }

            _logger.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();

            // We shouldn't call CreateKey more than once, else we risk stack diving. This code path shouldn't
            // get hit unless there was an ineligible key with an activation date slightly later than the one we
            // just added. If this does happen, then we'll just use whatever key we can instead of creating
            // new keys endlessly, eventually falling back to the one we just added if all else fails.
            if (keyJustAdded != null)
            {
                var keyToUse = defaultKeyPolicy.DefaultKey ?? defaultKeyPolicy.FallbackKey ?? keyJustAdded;
                return(CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, keyToUse, allKeys));
            }

            // At this point, we know we need to generate a new key.

            // We have been asked to generate a new key, but auto-generation of keys has been disabled.
            // We need to use the fallback key or fail.
            if (!_keyManagementOptions.AutoGenerateKeys)
            {
                var keyToUse = defaultKeyPolicy.DefaultKey ?? defaultKeyPolicy.FallbackKey;
                if (keyToUse == null)
                {
                    _logger.KeyRingDoesNotContainValidDefaultKey();
                    throw new InvalidOperationException(Resources.KeyRingProvider_NoDefaultKey_AutoGenerateDisabled);
                }
                else
                {
                    _logger.UsingFallbackKeyWithExpirationAsDefaultKey(keyToUse.KeyId, keyToUse.ExpirationDate);
                    return(CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, keyToUse, allKeys));
                }
            }

            if (defaultKeyPolicy.DefaultKey == null)
            {
                // The case where there's no default key is the easiest scenario, since it
                // means that we need to create a new key with immediate activation.
                var newKey = _keyManager.CreateNewKey(activationDate: now, expirationDate: now + _keyManagementOptions.NewKeyLifetime);
                return(CreateCacheableKeyRingCore(now, keyJustAdded: newKey)); // recursively call
            }
            else
            {
                // If there is a default key, then the new key we generate should become active upon
                // expiration of the default key. The new key lifetime is measured from the creation
                // date (now), not the activation date.
                var newKey = _keyManager.CreateNewKey(activationDate: defaultKeyPolicy.DefaultKey.ExpirationDate, expirationDate: now + _keyManagementOptions.NewKeyLifetime);
                return(CreateCacheableKeyRingCore(now, keyJustAdded: newKey)); // recursively call
            }
        }