/// <inheritdoc /> public void Save(ProtectedSecret secret) { var t = SaveAsync(secret); t.ConfigureAwait(false); t.GetAwaiter().GetResult(); }
public async Task WhenWeSaveThenRetrieveSecret() { await Repository.CreateProtectedSecretTableAsync(TableName); Repository.Save(savedSecret); returnedSecret = Repository.Get(savedSecret.ApplicationName, savedSecret.Name); }
private async Task <ProtectedSecret> TryReKeySecretsAsync(ProtectedSecret secret, string name, object context) { try { string rawEmail = this.secretProvider.UnprotectSecret(secret); return(this.secretProvider.ProtectSecret(rawEmail)); } catch (Exception ex) { this.logger.LogError(EventIDs.UIGenericError, ex, $"Unable to re-encrypt {name}"); LoginDialogData data = await this.dialogCoordinator.ShowLoginAsync(context, "Error", $"The {name} could not be automatically re-encrypted. Please re-enter the {name}", new LoginDialogSettings { ShouldHideUsername = true, RememberCheckBoxVisibility = System.Windows.Visibility.Hidden, AffirmativeButtonText = "OK", NegativeButtonVisibility = System.Windows.Visibility.Visible, NegativeButtonText = "Cancel" }); if (data != null) { return(this.secretProvider.ProtectSecret(data.Password)); } } return(null); }
private string UnprotectSecretv1(ProtectedSecret data) { byte[] salt = Convert.FromBase64String(data.Salt); byte[] protectedData = Convert.FromBase64String(data.Data); byte[] unprotectedData = ProtectedData.Unprotect(protectedData, salt, DataProtectionScope.LocalMachine); return(Encoding.UTF8.GetString(unprotectedData)); }
public async Task TableCreatedAndSecretAdded() { await Repository.CreateProtectedSecretTableAsync(TableName); _savedSecret = ProtectedSecretBuilder.Create().AnInstance(); await Repository.SaveAsync(_savedSecret); _retrievedSecret = await Repository.GetAsync(_savedSecret.ApplicationName, _savedSecret.Name); }
public void WhenWeSaveThenRetrieveSecret() { Repository.Save(savedSecret); returnedSecret = Repository.Get(savedSecret.ApplicationName, savedSecret.Name); savedSecret.MasterKeyId = editedMasterKeyId; Repository.Save(savedSecret); returnedEditedSecret = Repository.Get(savedSecret.ApplicationName, savedSecret.Name); }
public void Save(ProtectedSecret secret) { if (secret == null) { throw new ArgumentNullException(nameof(secret)); } _secrets.Save(secret); _cache.Remove(secret.ApplicationName, secret.Name); }
public ProtectedSecret ProtectSecret(string secret, X509Certificate2 cert) { ProtectedSecret protectedData = new ProtectedSecret { Mode = 2, Data = encryptionProvider.Encrypt(cert, secret) }; return(protectedData); }
public void Save(ProtectedSecret secret) { if (secret == null) { throw new ArgumentNullException(nameof(secret)); } _secrets.Save(secret); _cache.Add(secret); }
public async Task SaveAsync(ProtectedSecret secret) { if (secret == null) { throw new ArgumentNullException(nameof(secret)); } await _secrets.SaveAsync(secret); await _cache.AddAsync(secret); }
public async Task SaveAsync(ProtectedSecret secret) { if (secret == null) { throw new ArgumentNullException(nameof(secret)); } await _secrets.SaveAsync(secret); await _cache.RemoveAsync(secret.ApplicationName, secret.Name); }
public async Task WhenWeSaveThenRetrieveSecret() { await Repository.SaveAsync(savedSecret); returnedSecret = await Repository.GetAsync(savedSecret.ApplicationName, savedSecret.Name); savedSecret.MasterKeyId = editedMasterKeyId; await Repository.SaveAsync(savedSecret); returnedEditedSecret = await Repository.GetAsync(savedSecret.ApplicationName, savedSecret.Name); }
private string UnprotectSecretv3(ProtectedSecret data) { byte[] rawProtectedData = Convert.FromBase64String(data.Data); using SafeHGlobalHandle f = new SafeHGlobalHandle(rawProtectedData); var result = NCrypt.NCryptUnprotectSecret(out _, NCrypt.UnprotectSecretFlags.NCRYPT_SILENT_FLAG, f.DangerousGetHandle(), f.Size, IntPtr.Zero, IntPtr.Zero, out IntPtr unprotectedData, out uint unprotectedDataSize); result.ThrowIfFailed(); using SafeHGlobalHandle d = new SafeHGlobalHandle(unprotectedData, unprotectedDataSize, true); return(Encoding.Unicode.GetString(d.GetBytes(0, (int)unprotectedDataSize))); }
private ProtectedSecretBuilder() { _instance = new ProtectedSecret { ApplicationName = Defaults.ApplicationName, Name = Defaults.Name, MasterKeyId = Defaults.MasterKeyId, InitialisationVector = Defaults.InitialisationVector, ProtectedDocumentKey = Defaults.ProtectedDocumentKey, ProtectedSecretValue = Defaults.ProtectedSecretValue }; }
public void WeHaveSecretsToSave() { firstSecret = ProtectedSecretBuilder.Create().AnInstance(); secondSecret = ProtectedSecretBuilder .Create() .WithName("SecondSecret") .AnInstance(); notReturnedSecret = ProtectedSecretBuilder .Create() .WithApplicationName("DifferentApp") .WithName("NotReturned") .AnInstance(); }
private ProtectedSecret ProtectSecretv1(string secret) { byte[] salt = new byte[128]; this.rng.GetBytes(salt); ProtectedSecret protectedData = new ProtectedSecret { Mode = 1, Salt = Convert.ToBase64String(salt), Data = Convert.ToBase64String(ProtectedData.Protect(Encoding.UTF8.GetBytes(secret), salt, DataProtectionScope.LocalMachine)) }; return(protectedData); }
/// <inheritdoc /> public async Task SaveAsync(ProtectedSecret secret) { if (_disposed) { throw new ObjectDisposedException("AwsDynamoProtectedSecretRepository"); } var doc = new Document { [Fields.ApplicationName] = secret.ApplicationName, [Fields.SecretName] = secret.Name, [Fields.MasterKeyId] = secret.MasterKeyId, [Fields.ProtectedDocumentKey] = secret.ProtectedDocumentKey, [Fields.ProtectedSecretValue] = secret.ProtectedSecretValue, [Fields.InitialisationVector] = secret.InitialisationVector }; await _table.Value.PutItemAsync(doc).ConfigureAwait(false); }
public async Task <bool> TryReKeySecretsAsync(object context) { ProtectedSecret oldEmailOptionsPassword = this.emailOptions.Password; ProtectedSecret oldOidcSecret = this.authnOptions.Oidc?.Secret; if (this.emailOptions.Password != null) { ProtectedSecret response = await this.TryReKeySecretsAsync(this.emailOptions.Password, "SMTP password", context); if (response == null) { this.emailOptions.Password = oldEmailOptionsPassword; return(false); } this.emailOptions.Password = response; } if (this.authnOptions.Oidc?.Secret != null) { ProtectedSecret response = await this.TryReKeySecretsAsync(this.authnOptions.Oidc.Secret, "OpenID Connect secret", context); if (response == null) { this.emailOptions.Password = oldEmailOptionsPassword; this.authnOptions.Oidc.Secret = oldOidcSecret; return(false); } this.authnOptions.Oidc.Secret = response; } return(true); }
public string GetSecurityDescriptorFromSecret(ProtectedSecret data) { if (data.Mode != 3) { throw new ArgumentException("The protected data was of the incorrect format"); } byte[] rawProtectedData = Convert.FromBase64String(data.Data); using SafeHGlobalHandle f = new SafeHGlobalHandle(rawProtectedData); var result = NCrypt.NCryptUnprotectSecret(out NCrypt.SafeNCRYPT_DESCRIPTOR_HANDLE dh, NCrypt.UnprotectSecretFlags.NCRYPT_SILENT_FLAG | NCrypt.UnprotectSecretFlags.NCRYPT_UNPROTECT_NO_DECRYPT, f.DangerousGetHandle(), f.Size, IntPtr.Zero, IntPtr.Zero, out IntPtr unprotectedData, out uint unprotectedDataSize); result.ThrowIfFailed(); IntPtr ruleStringHandle = IntPtr.Zero; try { result = NCrypt.NCryptGetProtectionDescriptorInfo( dh, IntPtr.Zero, NCrypt.ProtectionDescriptorInfoType.NCRYPT_PROTECTION_INFO_TYPE_DESCRIPTOR_STRING, out ruleStringHandle); result.ThrowIfFailed(); return(Marshal.PtrToStringUni(ruleStringHandle)); } finally { if (ruleStringHandle != IntPtr.Zero) { Marshal.FreeHGlobal(ruleStringHandle); } } }
public string UnprotectSecret(ProtectedSecret data) { try { if (data?.Data == null) { return(null); } if (data.Mode == 0) { return(data.Data); } if (data.Mode == 1) { return(this.UnprotectSecretv1(data)); } if (data.Mode == 2) { return(this.UnprotectSecretv2(data)); } if (data.Mode == 3) { return(this.UnprotectSecretv3(data)); } throw new ConfigurationException("The data was protected with an encryption mechanism not known to this version of the application"); } catch (Exception ex) { throw new ConfigurationException("Unable to decrypt the encrypted data from the configuration file. Use the configuration manager application to re-enter the secret, and try again", ex); } }
public void SaveRecordsTheSecret() { SecretRepository .When(s => s.Save(Arg.Any <ProtectedSecret>())) .Do(ci => _savedSecret = ci.Arg <ProtectedSecret>()); }
private string UnprotectSecretv2(ProtectedSecret data) { return(this.encryptionProvider.Decrypt(data.Data, this.certificateProvider.FindDecryptionCertificate)); }
/// <inheritdoc /> public virtual void Save(ProtectedSecret secret) { using var conn = CreateConnection(requiresWrite: true); conn.Execute(UpsertSql, secret); }
public async Task WhenGettingNonExistentSecret() { secret = await Repository.GetAsync(appName, secretName); }
public void WhenGettingNonExistentSecret() { secret = Repository.Get(appName, secretName); }
/// <inheritdoc /> public virtual async Task SaveAsync(ProtectedSecret secret) { using var conn = CreateConnection(requiresWrite: true); await conn.ExecuteAsync(UpsertSql, secret); }
public void WeHaveSecretToSave() { savedSecret = ProtectedSecretBuilder.Create().AnInstance(); }