public SavingPrivateKeyProvider(
IPrivateKeyProvider inner,
ISanePublicKeyDataProvider publicKeyDataProvider
) {
m_inner = inner;
m_publicKeyDataProvider = publicKeyDataProvider;
}
public string SaveDecryptedJson(string json, string outputFile, IPrivateKeyProvider keyProvider = null)
{
var decryptedJson = GetDecryptedJson(json, keyProvider);
_fileSystem.WriteAllText(outputFile, decryptedJson);
return("Saved to: " + outputFile);
}
public AuthServiceMock(KeyType keyType = KeyType.RSA)
{
m_server = HttpMockFactory.Create(out m_host);
#pragma warning disable 618
m_publicKeyDataProvider = PublicKeyDataProviderFactory.CreateInternal(new InMemoryPublicKeyDataProvider());
#pragma warning restore 618
TimeSpan keyLifetime = TimeSpan.FromDays(365);
TimeSpan keyRotationPeriod = TimeSpan.FromDays(182);
switch (keyType)
{
case KeyType.ECDSA_P256:
case KeyType.ECDSA_P384:
case KeyType.ECDSA_P521: {
CngAlgorithm curve;
switch (keyType)
{
case KeyType.ECDSA_P521:
curve = CngAlgorithm.ECDsaP521;
break;
case KeyType.ECDSA_P384:
curve = CngAlgorithm.ECDsaP384;
break;
case KeyType.ECDSA_P256:
default:
curve = CngAlgorithm.ECDsaP256;
break;
}
m_privateKeyProvider = EcDsaPrivateKeyProvider
.Factory
.Create(
m_publicKeyDataProvider,
keyLifetime,
keyRotationPeriod,
curve
);
break;
}
case KeyType.RSA:
default: {
m_privateKeyProvider = RsaPrivateKeyProvider
.Factory
.Create(
m_publicKeyDataProvider,
keyLifetime,
keyRotationPeriod
);
break;
}
}
m_tokenSigner = new TokenSigner(m_privateKeyProvider);
}
public NeighborsMessageSerializer(
ISigner signer,
IPrivateKeyProvider privateKeyProvider,
IDiscoveryMessageFactory messageFactory,
INodeIdResolver nodeIdResolver,
INodeFactory nodeFactory) : base(signer, privateKeyProvider, messageFactory, nodeIdResolver, nodeFactory)
{
}
public SavingPrivateKeyProvider(
IPrivateKeyProvider inner,
ISanePublicKeyDataProvider publicKeyDataProvider
)
{
m_inner = inner;
m_publicKeyDataProvider = publicKeyDataProvider;
}
protected DiscoveryMessageSerializerBase(ISigner signer, IPrivateKeyProvider privateKeyProvider, IDiscoveryMessageFactory messageFactory, INodeIdResolver nodeIdResolver, INodeFactory nodeFactory)
{
_signer = signer;
_privateKey = privateKeyProvider.PrivateKey;
MessageFactory = messageFactory;
NodeIdResolver = nodeIdResolver;
NodeFactory = nodeFactory;
}
public RotatingPrivateKeyProvider(
IPrivateKeyProvider inner,
IDateTimeProvider dateTimeProvider,
TimeSpan keyRotationPeriod
) {
m_inner = inner;
m_dateTimeProvider = dateTimeProvider;
m_keyRotationPeriod = keyRotationPeriod;
}
public void OneTimeSetUp()
{
#pragma warning disable 618
m_privateKeyProvider = new StaticPrivateKeyProvider(
keyId: TestKeyId,
rsaParameters: TestStaticKeyProvider.TestRSAParameters);
#pragma warning restore 618
m_tokenSigner = new TokenSigner(m_privateKeyProvider);
}
public RotatingPrivateKeyProvider(
IPrivateKeyProvider inner,
IDateTimeProvider dateTimeProvider,
TimeSpan keyRotationPeriod
)
{
m_inner = inner;
m_dateTimeProvider = dateTimeProvider;
m_keyRotationPeriod = keyRotationPeriod;
}
public AuthServiceMock( KeyType keyType = KeyType.RSA ) {
m_server = HttpMockFactory.Create( out m_host );
#pragma warning disable 618
m_publicKeyDataProvider = PublicKeyDataProviderFactory.CreateInternal( new InMemoryPublicKeyDataProvider() );
#pragma warning restore 618
TimeSpan keyLifetime = TimeSpan.FromDays( 365 );
TimeSpan keyRotationPeriod = TimeSpan.FromDays( 182 );
switch( keyType ) {
case KeyType.ECDSA_P256:
case KeyType.ECDSA_P384:
case KeyType.ECDSA_P521: {
CngAlgorithm curve;
switch( keyType ) {
case KeyType.ECDSA_P521:
curve = CngAlgorithm.ECDsaP521;
break;
case KeyType.ECDSA_P384:
curve = CngAlgorithm.ECDsaP384;
break;
case KeyType.ECDSA_P256:
default:
curve = CngAlgorithm.ECDsaP256;
break;
}
m_privateKeyProvider = EcDsaPrivateKeyProvider
.Factory
.Create(
m_publicKeyDataProvider,
keyLifetime,
keyRotationPeriod,
curve
);
break;
}
case KeyType.RSA:
default: {
m_privateKeyProvider = RsaPrivateKeyProvider
.Factory
.Create(
m_publicKeyDataProvider,
keyLifetime,
keyRotationPeriod
);
break;
}
}
m_tokenSigner = new TokenSigner( m_privateKeyProvider );
}
protected DiscoveryMessageSerializerBase(
ISigner signer,
IPrivateKeyProvider privateKeyProvider,
IDiscoveryMessageFactory messageFactory,
INodeIdResolver nodeIdResolver,
INodeFactory nodeFactory)
{
_signer = signer ?? throw new ArgumentNullException(nameof(signer));
_privateKey = privateKeyProvider.PrivateKey ?? throw new ArgumentNullException(nameof(_privateKey));
MessageFactory = messageFactory ?? throw new ArgumentNullException(nameof(messageFactory));
NodeIdResolver = nodeIdResolver ?? throw new ArgumentNullException(nameof(nodeIdResolver));
NodeFactory = nodeFactory ?? throw new ArgumentNullException(nameof(nodeFactory));
}
public void SetUp() {
m_mockPublicKeyDataProvider = new Mock<ISanePublicKeyDataProvider>( MockBehavior.Strict );
m_mockPublicKeyDataProvider.Setup( pkdp => pkdp.SaveAsync( It.IsAny<JsonWebKey>() ) ).Returns( Task.Delay( 0 ) );
m_mockDateTimeProvider = new Mock<IDateTimeProvider>();
m_mockDateTimeProvider.Setup( dp => dp.UtcNow ).Returns( () => DateTime.UtcNow );
m_privateKeyProvider = RsaPrivateKeyProvider.Factory.Create(
m_mockPublicKeyDataProvider.Object,
KEY_LIFETIME,
ROTATION_PERIOD,
m_mockDateTimeProvider.Object
);
}
private JObject GetDecryptJObject(string json, IPrivateKeyProvider keyProvider)
{
var jObject = JObjectTools.GetJObject(json);
var publicKey = GetPublicKey(jObject);
keyProvider = keyProvider ?? new DefaultPrivateKeyProvider();
if (keyProvider.TryGetPrivateKey(publicKey, out string privateKey))
{
_jObjectCrypto.Decrypt(jObject, privateKey);
return(jObject);
}
throw new InvalidOperationException($"Could not find private key for: {publicKey}");
}
public void SetUp()
{
m_mockPublicKeyDataProvider = new Mock <ISanePublicKeyDataProvider>(MockBehavior.Strict);
m_mockPublicKeyDataProvider.Setup(pkdp => pkdp.SaveAsync(It.IsAny <Guid>(), It.IsAny <JsonWebKey>())).Returns(Task.CompletedTask);
m_mockDateTimeProvider = new Mock <IDateTimeProvider>();
m_mockDateTimeProvider.Setup(dp => dp.UtcNow).Returns(() => DateTimeOffset.UtcNow);
m_privateKeyProvider = RsaPrivateKeyProvider.Factory.Create(
m_mockPublicKeyDataProvider.Object,
KEY_LIFETIME,
ROTATION_PERIOD,
m_mockDateTimeProvider.Object
);
}
public string SaveKeyPair(IPrivateKeyProvider keyProvider = null)
{
keyProvider = keyProvider ?? new DefaultPrivateKeyProvider();
var keyPair = _publicKeyBox.GenerateKeyPair();
var publicKeyHex = HexConverter.BinaryToHex(keyPair.PublicKey);
var privateKeyHex = HexConverter.BinaryToHex(keyPair.SecretKey);
keyProvider.SavePrivateKey(publicKeyHex, privateKeyHex);
var output = new StringBuilder();
output.AppendLine(publicKeyHex);
return(output.ToString().Trim());
}
/// <summary>
/// Creates an <see cref="ITokenSigner"/> instance which saves public keys to the provided <see cref="IPublicKeyDataProvider"/>
/// </summary>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <param name="keyLifetime">The max time a private key and its tokens may be used for</param>
/// <param name="keyRotationPeriod">How often to switch to signing with a new private key. The difference between this and <paramref name="keyLifetime"/> is the maximum token lifetime.</param>
/// <returns>A new <see cref="ITokenSigner"/></returns>
public static ITokenSigner Create(
IPublicKeyDataProvider publicKeyDataProvider,
TimeSpan keyLifetime,
TimeSpan keyRotationPeriod
)
{
IPrivateKeyProvider privateKeyProvider = RsaPrivateKeyProvider
.Factory
.Create(
publicKeyDataProvider,
keyLifetime,
keyRotationPeriod
);
var tokenSigner = new TokenSigner(privateKeyProvider);
return(tokenSigner);
}
public DiscoveryMsgSerializersProvider(
IMessageSerializationService messageSerializationService,
ISigner signer,
IPrivateKeyProvider privateKeyProvider,
IDiscoveryMessageFactory messageFactory,
INodeIdResolver nodeIdResolver,
INodeFactory nodeFactory)
{
var pingSerializer = new PingMessageSerializer(signer, privateKeyProvider, messageFactory, nodeIdResolver, nodeFactory);
var pongSerializer = new PongMessageSerializer(signer, privateKeyProvider, messageFactory, nodeIdResolver, nodeFactory);
var findNodeSerializer = new FindNodeMessageSerializer(signer, privateKeyProvider, messageFactory, nodeIdResolver, nodeFactory);
var neighborsSerializer = new NeighborsMessageSerializer(signer, privateKeyProvider, messageFactory, nodeIdResolver, nodeFactory);
_messageSerializationService = messageSerializationService;
_pingMessageSerializer = pingSerializer;
_pongMessageSerializer = pongSerializer;
_findNodeMessageSerializer = findNodeSerializer;
_neighborsMessageSerializer = neighborsSerializer;
}
private static void Runner(
IPrivateKeyProvider provider,
ManualResetEventSlim go,
int threadNumber
) {
// wait for start signal
go.Wait();
for( int i = 0; i < SIGNATURES_PER_THREAD; i++ ) {
using( D2LSecurityToken securityToken = provider.GetSigningCredentialsAsync()
.SafeAsync()
.GetAwaiter()
.GetResult()
) {
string signedToken = Sign( securityToken );
Thread.Sleep( TimeSpan.FromMilliseconds( 20 ) );
AssertSignatureVerifiable( securityToken, signedToken );
}
}
}
/// <summary>
/// Creates an <see cref="ITokenSigner"/> instance which saves public keys to the provided <see cref="IPublicKeyDataProvider"/>
/// </summary>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <param name="curve">The curve to use</param>
/// <param name="keyLifetime">The max time a private key and its tokens may be used for</param>
/// <param name="keyRotationPeriod">How often to switch to signing with a new private key. The difference between this and <paramref name="keyLifetime"/> is the maximum token lifetime.</param>
/// <returns>A new <see cref="ITokenSigner"/></returns>
public static ITokenSigner Create(
IPublicKeyDataProvider publicKeyDataProvider,
Curve curve,
TimeSpan keyLifetime,
TimeSpan keyRotationPeriod
)
{
CngAlgorithm algorithm;
switch (curve)
{
case Curve.P521: {
algorithm = CngAlgorithm.ECDsaP521;
break;
}
case Curve.P384: {
algorithm = CngAlgorithm.ECDsaP384;
break;
}
case Curve.P256:
default: {
algorithm = CngAlgorithm.ECDsaP256;
break;
}
}
IPrivateKeyProvider privateKeyProvider = EcDsaPrivateKeyProvider
.Factory
.Create(
publicKeyDataProvider,
keyLifetime,
keyRotationPeriod,
algorithm
);
var tokenSigner = new TokenSigner(privateKeyProvider);
return(tokenSigner);
}
/// <summary>
/// Creates an <see cref="ITokenSigner"/> instance which saves public keys to the provided <see cref="IPublicKeyDataProvider"/>
/// </summary>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <param name="curve">The curve to use</param>
/// <param name="keyLifetime">The max time a private key and its tokens may be used for</param>
/// <param name="keyRotationPeriod">How often to switch to signing with a new private key. The difference between this and <paramref name="keyLifetime"/> is the maximum token lifetime.</param>
/// <returns>A new <see cref="ITokenSigner"/></returns>
public static ITokenSigner Create(
IPublicKeyDataProvider publicKeyDataProvider,
Curve curve,
TimeSpan keyLifetime,
TimeSpan keyRotationPeriod
)
{
ECCurve curveInternal;
switch (curve)
{
case Curve.P521: {
curveInternal = ECCurve.NamedCurves.nistP256;
break;
}
case Curve.P384: {
curveInternal = ECCurve.NamedCurves.nistP384;
break;
}
case Curve.P256:
default: {
curveInternal = ECCurve.NamedCurves.nistP521;
break;
}
}
IPrivateKeyProvider privateKeyProvider = EcDsaPrivateKeyProvider
.Factory
.Create(
publicKeyDataProvider,
keyLifetime,
keyRotationPeriod,
curveInternal
);
var tokenSigner = new TokenSigner(privateKeyProvider);
return(tokenSigner);
}
private static void Runner(
IPrivateKeyProvider provider,
ManualResetEventSlim go,
int threadNumber
)
{
// wait for start signal
go.Wait();
for (int i = 0; i < SIGNATURES_PER_THREAD; i++)
{
using (D2LSecurityToken securityToken = provider.GetSigningCredentialsAsync()
.ConfigureAwait(false)
.GetAwaiter()
.GetResult()
) {
string signedToken = Sign(securityToken);
Thread.Sleep(TimeSpan.FromMilliseconds(20));
AssertSignatureVerifiable(securityToken, signedToken);
}
}
}
public DefaultPrivateKeyProvider Add(IPrivateKeyProvider privateKeyProvider)
{
_providers.Add(privateKeyProvider);
return(this);
}
public ValidateLicenseSteps()
{
this.serverLicenseGenerator = new ServerLicenseGenerator();
this.privateKeyProvider = new RsaPrivateKeyProvider();
this.licenseValidator = new LicenseValidator();
}
protected RunnerAppBase(ILogger logger, IPrivateKeyProvider privateKeyProvider)
{
Logger = logger;
PrivateKeyProvider = privateKeyProvider;
}
public TokenSigner(
IPrivateKeyProvider privateKeyProvider
)
{
m_privateKeyProvider = privateKeyProvider;
}
public static void Configure(IPrivateKeyProvider keyProvider)
{
keyProvider = keyProvider;
}
public ValidateLicenseSteps()
{
this.serverLicenseGenerator = new ServerLicenseGenerator();
this.privateKeyProvider = new RsaPrivateKeyProvider();
this.licenseValidator = new LicenseValidator();
}
internal static string SaveDecryptedJsonFromFile(this IEJsonCrypto eJsonCrypto, string fileName, string outputFile, IPrivateKeyProvider keyProvider, IFileSystem fileSystem)
{
fileSystem = fileSystem ?? new FileSystemWrapper();
var json = fileSystem.ReadAllText(fileName);
return(eJsonCrypto.SaveDecryptedJson(json, outputFile, keyProvider));
}
public static string SaveDecryptedJsonFromFile(this IEJsonCrypto eJsonCrypto, string fileName, string outputFile, IPrivateKeyProvider keyProvider = null)
{
return(SaveDecryptedJsonFromFile(eJsonCrypto, fileName, outputFile, keyProvider, null));
}
public static string GetDecryptedJson(this IEJsonCrypto eJsonCrypto, Stream stream, IPrivateKeyProvider keyProvider = null)
{
var json = new StreamReader(stream).ReadToEnd();
return(eJsonCrypto.GetDecryptedJson(json, keyProvider));
}
/// <summary>
/// Creates an authorizer.
/// </summary>
/// <param name="privateKeyProvider">Private key provider.</param>
/// <param name="hashGenerator">Hash generator.</param>
public PrivateKeyQueryAuthorizer(IPrivateKeyProvider privateKeyProvider, IHashGenerator hashGenerator)
{
_privateKeyProvider = privateKeyProvider;
_hashGenerator = hashGenerator;
}
public TokenSigner(
IPrivateKeyProvider privateKeyProvider
) {
m_privateKeyProvider = privateKeyProvider;
}
public string GetDecryptedJson(string json, IPrivateKeyProvider keyProvider = null)
{
var jObject = GetDecryptJObject(json, keyProvider);
return(JObjectTools.GetJson(jObject));
}
