예제 #1
        /// <summary>
        /// Builds an <see cref="AsymmetricDataEncryptor"/> from the first certificate in the given store that satisfies
        /// <paramref name="certificateSelector"/>. The key material produced by <paramref name="keySelector"/> is wrapped
        /// with the current-user data encryptor before it is captured, so only the wrapped form lives in memory between
        /// encrypt/decrypt calls; it is unwrapped on demand by the returned instance.
        /// </summary>
        /// <param name="storeLocation">The store location.</param>
        /// <param name="storeName">The store name.</param>
        /// <param name="certificateSelector">The certificate predicate selector, cannot be null.</param>
        /// <param name="keySelector">The delegate that extracts the key data from the certificate, cannot be null.</param>
        /// <exception cref="InvalidOperationException">No certificate in the store matched the selector.</exception>
        /// <exception cref="SecurityException">The calling context is denied access to the certificate store.</exception>
        /// <exception cref="CryptographicException">The encryption operation failed.</exception>
        /// <returns>The asymmetric key, cannot be null.</returns>
        private static AsymmetricDataEncryptor LoadCertificateKey(StoreLocation storeLocation, StoreName storeName, Predicate <X509Certificate2> certificateSelector, Func <X509Certificate2, string> keySelector)
        {
            // The public caller validates the first three arguments; keySelector is trusted to be non-null.
            X509Certificate2 match      = null;
            IStringEncryptor keyWrapper = null;
            string           wrappedKey = null;

            X509Store store = new X509Store(storeName, storeLocation);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                foreach (X509Certificate2 candidate in store.Certificates)
                {
                    if (certificateSelector(candidate))
                    {
                        match = candidate;
                        break;
                    }
                }

                if (match != null)
                {
                    // Wrap the key material immediately so the plaintext key is not retained by the closure below.
                    keyWrapper = StringEncryptor.Create(CurrentUserDataEncryptor.Instance);
                    wrappedKey = keyWrapper.Encrypt(AsymmetricDataEncryptor.InMemoryKeyName, keySelector(match));
                }
            }
            finally
            {
                // The store handle is released whether or not a certificate matched.
                store.Close();
            }

            if (match == null)
            {
                throw new InvalidOperationException("The requested certificate could not be loaded.");
            }

            return(new AsymmetricDataEncryptor(() => keyWrapper.Decrypt(AsymmetricDataEncryptor.InMemoryKeyName, wrappedKey)));
        }
        /// <summary>
        /// Replaces every encrypted entry in <paramref name="connectionString"/> with its decrypted value. Entries that
        /// <c>PropertyValueEncryptionUtils.IsEncryptedValue</c> does not recognise are left untouched.
        /// </summary>
        /// <param name="stringEncryptor">The encryptor used to decrypt the wrapped values.</param>
        /// <param name="connectionString">The connection string to inspect.</param>
        /// <param name="decryptedConnectionString">
        /// Receives the rebuilt connection string when at least one entry was decrypted, otherwise the original input verbatim.
        /// </param>
        /// <returns>true when at least one entry was decrypted; false when the input is handed back unchanged.</returns>
        public static bool DecryptConnectionString(
            [NotNull] IStringEncryptor stringEncryptor,
            [NotNull] string connectionString,
            [NotNull] out string decryptedConnectionString)
        {
            var builder      = new ConnectionStringBuilder(connectionString);
            var decryptedAny = false;

            // NOTE(review): Update is called while iterating GetEntries(); this assumes GetEntries() hands back a
            // snapshot rather than a live view of the builder - confirm against ConnectionStringBuilder.
            foreach (KeyValuePair <string, string> entry in builder.GetEntries())
            {
                string wrappedValue;
                if (PropertyValueEncryptionUtils.IsEncryptedValue(entry.Value, out wrappedValue))
                {
                    builder.Update(entry.Key, stringEncryptor.Decrypt(wrappedValue));
                    decryptedAny = true;
                }
            }

            // An input with nothing to decrypt is returned as given, not re-serialised by the builder.
            decryptedConnectionString = decryptedAny ? builder.ConnectionString : connectionString;
            return(decryptedAny);
        }
예제 #3
        /// <summary>
        /// Wires the repositories this service depends on and builds the <c>StringEncryptor</c> that is backed by the
        /// settings repository.
        /// </summary>
        /// <param name="usersRepository">User persistence; assigned through <c>Protector.SetIfNotNull</c>.</param>
        /// <param name="settingsRepository">Settings persistence; assigned through <c>Protector.SetIfNotNull</c> and then handed to the encryptor.</param>
        public UsersManagementService(IUsersRepository usersRepository, ISettingsRepository settingsRepository)
        {
            Protector.SetIfNotNull(ref _usersRepository, usersRepository);
            Protector.SetIfNotNull(ref _settingsRepository, settingsRepository);

            // The encryptor is built from the field, not the parameter, so it sees whatever SetIfNotNull left there.
            // NOTE(review): if SetIfNotNull keeps a previous value on null input, the encryptor may be bound to that
            // earlier repository - confirm Protector's contract.
            _encryptor = new StringEncryptor(_settingsRepository);
        }
예제 #4
        /// <summary>
        /// Encrypts the sensitive fields of <paramref name="user"/> in place and returns the same instance.
        /// Credentials, Birthday, Email and Comment are each replaced by <c>encryptor.EncryptString</c> of their
        /// current value. Because the fields are overwritten, calling this twice on one instance encrypts the
        /// already-encrypted values again; callers must track whether an entity has been protected.
        /// </summary>
        /// <param name="user">The user whose fields are overwritten; no null check is performed here.</param>
        /// <param name="encryptor">The encryptor applied to each field, in the order listed below.</param>
        /// <returns>The same <paramref name="user"/> instance, to allow chaining.</returns>
        internal static User Encrypt(this User user, IStringEncryptor encryptor)
        {
            user.Credentials = encryptor.EncryptString(user.Credentials);
            user.Birthday    = encryptor.EncryptString(user.Birthday);
            user.Email       = encryptor.EncryptString(user.Email);
            user.Comment     = encryptor.EncryptString(user.Comment);

            return(user);
        }
예제 #5
        /// <summary>
        /// Creates an AsymmetricDataEncryptor instance with a new RSA key.
        /// </summary>
        /// <remarks>
        /// The freshly generated key is wrapped with the current-user data encryptor straight away and only the wrapped
        /// form is captured by the returned instance; it is unwrapped on demand for each encrypt/decrypt call so the
        /// plaintext key is not held for the lifetime of the object.
        /// </remarks>
        /// <returns>The asymmetric key, cannot be null.</returns>
        public static AsymmetricDataEncryptor GenerateRandomEncryptor()
        {
            IStringEncryptor keyWrapper = StringEncryptor.Create(CurrentUserDataEncryptor.Instance);
            string           freshKey   = AsymmetricDataEncryptor.GenerateKey();
            string           wrappedKey = keyWrapper.Encrypt(AsymmetricDataEncryptor.InMemoryKeyName, freshKey);

            // The closure captures only the wrapped key; the key name is read again at unwrap time.
            return(new AsymmetricDataEncryptor(() => keyWrapper.Decrypt(AsymmetricDataEncryptor.InMemoryKeyName, wrappedKey)));
        }
예제 #6
 /// <summary>
 /// Stores the collaborators this service uses: the pending-client repository, the string encryptor, the crypto service
 /// and the object mapper. No argument validation is performed here.
 /// </summary>
 /// <param name="pendingClientRepository">Repository for <c>PendingClientEntity</c> rows.</param>
 /// <param name="stringEncryptor">Encryptor for string values.</param>
 /// <param name="cryptoService">Cryptographic service used by this service.</param>
 /// <param name="mapper">Object mapper.</param>
 public PendingClientService(
     IRepository <PendingClientEntity> pendingClientRepository,
     IStringEncryptor stringEncryptor,
     ICryptoService cryptoService,
     IMapper mapper)
 {
     _mapper = mapper;
     _cryptoService = cryptoService;
     _stringEncryptor = stringEncryptor;
     _pendingClientRepository = pendingClientRepository;
 }
예제 #7
 /// <summary>
 /// Captures the injected repository, encryptor, crypto service and mapper in fields for later use.
 /// Arguments are stored as given; null checks are left to the container.
 /// </summary>
 /// <param name="pendingClientRepository">Repository for <c>PendingClientEntity</c> rows.</param>
 /// <param name="stringEncryptor">Encryptor for string values.</param>
 /// <param name="cryptoService">Cryptographic service used by this service.</param>
 /// <param name="mapper">Object mapper.</param>
 public PendingClientService(
     IRepository<PendingClientEntity> pendingClientRepository,
     IStringEncryptor stringEncryptor,
     ICryptoService cryptoService,
     IMapper mapper)
 {
     _mapper                  = mapper;
     _cryptoService           = cryptoService;
     _stringEncryptor         = stringEncryptor;
     _pendingClientRepository = pendingClientRepository;
 }
예제 #8
        /// <summary>
        /// Saves the public property values contained in the current instance to an encrypted file. Key and IV parameters are used
        /// to specify an AES encryption. Serialization is used to get the object values into an XML string that will be encrypted and
        /// written to the output file.
        /// </summary>
        /// <param name="filePath">Full path for output file.</param>
        /// <param name="key">AES encryption key.</param>
        /// <param name="iv">AES IV value.</param>
        /// <remarks>
        /// Only AES encryption is supported by this routine. The key and IV are caller-supplied strings; NOTE(review):
        /// confirm callers use a fresh IV for each file written with the same key, and that the encryptor returned by
        /// <c>PFEncryption.GetStringEncryptor</c> protects integrity - nothing here adds a MAC over the ciphertext.
        /// </remarks>
        public void SaveToXmlFile(string filePath, string key, string iv)
        {
            IStringEncryptor aesEncryptor = PFEncryption.GetStringEncryptor(pfEncryptionAlgorithm.AES);
            aesEncryptor.Key = key;
            aesEncryptor.IV  = iv;

            // Serialise the whole instance to XML, then encrypt that document as a single string.
            string cipherText = aesEncryptor.Encrypt(this.ToXmlString());

            File.WriteAllText(filePath, cipherText);
        }
예제 #9
        /// <summary>
        /// Creates and initializes an instance of the class by loading a serialized version of the instance stored in an encrypted file.
        /// The file is first decrypted into an XML string and the XML string is then used to create an instance of the class.
        /// </summary>
        /// <param name="filePath">Full path for the input file.</param>
        /// <param name="key">AES encryption key.</param>
        /// <param name="iv">AES IV value.</param>
        /// <returns>An instance of PFKeyValueListExSorted.</returns>
        /// <remarks>
        /// Only AES encryption is supported by this routine. The file contents are trusted as far as the encryptor's
        /// <c>Decrypt</c> accepts them; NOTE(review): how a tampered or wrong-key file surfaces (exception vs. garbage XML)
        /// depends on the encryptor implementation - confirm before relying on it.
        /// </remarks>
        public static PFKeyValueListExSorted <K, V> LoadFromXmlFile(string filePath, string key, string iv)
        {
            IStringEncryptor aesDecryptor = PFEncryption.GetStringEncryptor(pfEncryptionAlgorithm.AES);
            aesDecryptor.Key = key;
            aesDecryptor.IV  = iv;

            // Read the whole file, decrypt it to the XML document, then deserialise into the sorted list.
            string cipherText = File.ReadAllText(filePath);
            string xml        = aesDecryptor.Decrypt(cipherText);

            return(LoadFromXmlString(xml));
        }
 /// <summary>
 /// Creates a repository bound to the given Dapper context and optional ambient transaction, and keeps the encryptor
 /// for use by this repository's data-access methods (not visible in this excerpt).
 /// </summary>
 /// <param name="encryptor">String encryptor stored as-is; no null check is performed here.</param>
 /// <param name="dapperSampleContext">Data context forwarded to the base repository.</param>
 /// <param name="transaction">Optional transaction forwarded to the base repository; defaults to null.</param>
 public UserRepository(IStringEncryptor encryptor, IDapperSampleContext dapperSampleContext, System.Data.IDbTransaction transaction = null)
     : base(dapperSampleContext, transaction)
 {
     this.encryptor = encryptor;
 }
예제 #11
 /// <summary>
 /// Stores the encryptor used for hashing. The <c>Named</c> attribute asks the container for the binding keyed by
 /// <c>nameof(AESEncryptor)</c>, so the AES implementation is selected rather than the default <c>IStringEncryptor</c>.
 /// </summary>
 /// <param name="encryptor">Container-resolved encryptor; stored without a null check.</param>
 public HashUserPassword([Named(nameof(AESEncryptor))] IStringEncryptor encryptor)
 {
     _encryptor = encryptor;
 }
예제 #12
 /// <summary>
 /// Parameterless constructor that pulls the AES-keyed <c>IStringEncryptor</c> from the static <c>CompositionRoot</c>.
 /// NOTE(review): this is service-locator style resolution; the injecting overload is easier to test and makes the
 /// dependency visible to callers.
 /// </summary>
 public HashUserPassword()
 {
     string bindingName = nameof(AESEncryptor);
     _encryptor = CompositionRoot.Resolve <IStringEncryptor>(bindingName);
 }
예제 #13
 /// <summary>
 /// Keeps the injected string encryptor for use by the service's methods (not shown in this excerpt).
 /// </summary>
 /// <param name="stringEncryptor">Encryptor stored as-is; no null check is performed here.</param>
 public RecoveryLinkService(IStringEncryptor stringEncryptor)
 {
     _stringEncryptor = stringEncryptor;
 }
예제 #14
 /// <summary>
 /// Stores the encryptor used for hashing. The <c>KeyFilter</c> attribute selects the container registration keyed by
 /// <c>nameof(AESEncryptor)</c>, so the AES implementation is injected rather than the default <c>IStringEncryptor</c>.
 /// </summary>
 /// <param name="encryptor">Container-resolved encryptor; stored without a null check.</param>
 public HashUserPassword([KeyFilter(nameof(AESEncryptor))] IStringEncryptor encryptor)
 {
     _encryptor = encryptor;
 }
예제 #15
 /// <summary>
 /// Keeps the injected string encryptor for use by the service's methods (not shown in this excerpt).
 /// </summary>
 /// <param name="stringEncryptor">Encryptor stored as-is; no null check is performed here.</param>
 public RecoveryLinkService(IStringEncryptor stringEncryptor)
 {
     _stringEncryptor = stringEncryptor;
 }