public static void PersistCIK(StorSimpleCmdletBase cmdlet, string resourceId, string cik)
{
if (string.IsNullOrEmpty(resourceId))
{
throw new ArgumentNullException("resourceId", Resources.ResourceIdMissing);
}
if (string.IsNullOrEmpty(cik))
{
throw new Exception(Resources.CIKInvalid);
}
StorSimpleKeyManager mgr = cmdlet.StorSimpleClient.GetResourceContext().StorSimpleKeyManager;
KeyStoreOperationStatus status = mgr.PersistCIK(cik);
if (status == KeyStoreOperationStatus.PERSIST_FILE_ALREADY_EXISTS)
{
cmdlet.WriteWarning("Key storage operation failed with error that file already exists. Deleting and retrying");
mgr.CleanupCIK();
status = mgr.PersistCIK(cik);
}
// other error codes are NOT expected - those validations have been done already
if (status != KeyStoreOperationStatus.PERSIST_SUCCESS)
{
throw new Exception(Resources.PersistSecretFailed);
}
}
public static string RetrieveCIK(StorSimpleCmdletBase cmdlet, string resourceId)
{
string cik = null;
StorSimpleKeyManager mgr = cmdlet.StorSimpleClient.GetResourceContext().StorSimpleKeyManager;
KeyStoreOperationStatus status = mgr.RetrieveCIK(out cik);
if (status == KeyStoreOperationStatus.RETRIEVE_FILESREAM_EMPTY ||
status == KeyStoreOperationStatus.RETRIEVE_FILESTREAM_INVALID)
{
// CIK was persisted, but has been corrupted
throw new Exception(Resources.PersistedCIKCorrupted);
}
if (status == KeyStoreOperationStatus.RETRIEVE_FILE_DOES_NOT_EXIST)
{
// CIK was never persisted
throw new Exception(Resources.CIKNotPersisted);
}
// other error codes are NOT expected - those validations have been done already
if (status != KeyStoreOperationStatus.RETRIEVE_SUCCESS)
{
throw new Exception(Resources.CIKFetchFailed);
}
if (string.IsNullOrEmpty(cik))
{
// CIK retrieved successfully, but is NULL :(
throw new Exception(Resources.PersistedCIKIsNull);
}
return(cik);
}
/// <summary>
/// Encrypt the secret
/// </summary>
/// <param name="secretToBeEncrypted">secret to be encrypted</param>
/// <returns>encrypted secret</returns>
public string EncryptSecret(string secretToBeEncrypted)
{
string encryptedPassword = string.Empty;
KeyStoreOperationStatus status = storSimpleCryptoManager.EncryptSecretWithRakPub(secretToBeEncrypted, out encryptedPassword);
if (KeyStoreOperationStatus.SUCCESS != status)
{
throw new Exception(Resources.ServiceSecretEncryptionFailure);
}
return(encryptedPassword);
}
/// <summary>
/// Helper method that will return an encrypted secret using rakpub.
/// Fetches CIK from the keystore and uses it to get plaintext rakpub
/// </summary>
/// <param name="secret"></param>
/// <param name="encryptedSecret"></param>
/// <returns></returns>
public KeyStoreOperationStatus EncryptSecretWithRakPub(string secret, out string encryptedSecret)
{
StorSimpleKeyManager keyManager = StorSimpleClient.GetResourceContext().StorSimpleKeyManager;
encryptedSecret = null;
//reading from keystore
string cik = null;
KeyStoreOperationStatus status = keyManager.RetrieveCIK(out cik);
if (status != KeyStoreOperationStatus.RETRIEVE_SUCCESS)
{
return(status);
}
string decryptedRAKPub = GetPlainTextRAKPub(cik);
//encrypt secret using RAKPub
encryptedSecret = CryptoHelper.EncryptSecretRSAPKCS(secret, decryptedRAKPub);
return(KeyStoreOperationStatus.SUCCESS);
}
