예제 #1
0
        private static void ValidateAbstractSecret(int version, IReadOnlyCollection <byte> secret)
        {
            var invalidVersion = version < 0;

            s_helper.Check <StorageClientException>(invalidVersion, Messages.Secret.s_errIncorrectVersion);
            var invalidSecret = secret == null || secret.Count == 0;

            s_helper.Check <StorageClientException>(invalidSecret, Messages.SecretsDataGenerator.s_errNullSecret);
        }
예제 #2
0
        public Secret GetSecret(int?version)
        {
            if (version == null)
            {
                return(CurrentSecret);
            }

            var secret = Secrets.Find(secretKey => secretKey.Version == version);

            s_helper.Check <StorageClientException>(secret == null, Messages.SecretsData.s_errIllegalVersion, version);
            return(secret);
        }
예제 #3
0
        private static void Validate(IReadOnlyCollection <long> values, string @operator)
        {
            var invalidFilter = values == null || values.Count == 0;

            s_helper.Check <StorageClientException>(invalidFilter, Messages.NumberFilter.s_errNullNumberFilter);
            var invalidOperator = !s_allOperators.Contains(@operator);

            s_helper.Check <StorageClientException>(invalidOperator,
                                                    Messages.NumberFilter.s_errIllegalNumberFilterOperator);
            var invalidSingleOperatorValues = !s_multipleValueOperators.Contains(@operator) && values.Count > 1;

            s_helper.Check <StorageClientException>(invalidSingleOperatorValues,
                                                    Messages.NumberFilter.s_errIllegalSingleNumberFilterOperator);
        }
예제 #4
0
        public EncryptionKey(int version, byte[] secretBytes) : base(version, secretBytes)
        {
#pragma warning disable CA1062
            var invalidLength = secretBytes.Length != KeyLength;
#pragma warning restore CA1062
            s_helper.Check <StorageClientException>(invalidLength, Messages.Secret.s_errKeyLength);
        }
예제 #5
0
        public string Decrypt(string cipherText, Secret secret = null)
        {
            s_helper.Check <StorageCryptoException>(string.IsNullOrEmpty(cipherText),
                                                    Messages.AesGcmCipher.s_errWrongEncryptedText);
            var decodedBytes = Convert.FromBase64String(cipherText);

            return(DecodeBytes(decodedBytes, secret, _pbkdf2Iterations, _encoding));
        }
예제 #6
0
        private static void Validate(long value1, string operator1, long value2, string operator2)
        {
            var invalidOperator1 = !s_operator1Values.Contains(operator1);

            s_helper.Check <StorageClientException>(invalidOperator1,
                                                    Messages.RangeFilter.s_errIllegalOperator1);

            var invalidOperator2 = !s_operator2Values.Contains(operator2);

            s_helper.Check <StorageClientException>(invalidOperator2,
                                                    Messages.RangeFilter.s_errIllegalOperator2);

            var invalidRange = value1 > value2;

            s_helper.Check <StorageClientException>(invalidRange,
                                                    Messages.RangeFilter.s_errIllegalRange);
        }
예제 #7
0
        protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
        {
#pragma warning disable CA1062
            var invalidCipherLength = decodedBytes.Length < MetaInfoLength;
#pragma warning restore CA1062
            s_helper.Check <StorageCryptoException>(invalidCipherLength, Messages.AesGcmCipher.s_errWrongEncryptedText);
            s_helper.Check <StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
            s_helper.Check <StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);

            var salt = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
            var iv   = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);

            var encrypted = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);
            var key       = SecretKeyFactory.GetKey(salt, secret, pbkdf2Iterations);
            try
            {
                var cipher     = new GcmBlockCipher(new AesEngine());
                var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
                cipher.Init(false, parameters);

                var decryptedText = new byte[cipher.GetOutputSize(encrypted.Length)];

                var len = cipher.ProcessBytes(encrypted, 0, encrypted.Length, decryptedText, 0);
                cipher.DoFinal(decryptedText, len);
#pragma warning disable CA1062
                return(encoding.GetString(decryptedText));

#pragma warning restore CA1062
            }
            catch (InvalidCipherTextException ex)
            {
                s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
                throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
            }
            catch (System.Exception ex)
            {
                s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
                throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
            }
            finally
            {
                SecretKeyFactory.ShuffleSecretKey(key);
            }
        }
예제 #8
0
        public CryptoProvider(AbstractCipher currentCipher = null)
        {
            _defaultCipher = new AesGcmPbkdf10KBase64Cipher(_encoding);
            AddDefaultCiphers(new PlainTextBase64Cipher(_encoding),
                              new AesGcmPbkdf10KHexCipher(_encoding),
                              _defaultCipher);
            if (currentCipher == null)
            {
                return;
            }

            s_helper.Check <StorageClientException>(string.IsNullOrEmpty(currentCipher.Name),
                                                    Messages.CryptoProvider.s_errNullCipherName);
            _customCipherDict[currentCipher.NameBase64] = currentCipher;
            _defaultCipher = currentCipher;
        }
예제 #9
0
        public FindFilter LimitAndOffset(int limit = MaximumLimit, int offset = DefaultOffset)
        {
            var invalidLimit = limit > MaximumLimit || limit < 1;

            s_helper.Check <StorageClientException>(invalidLimit, Messages.FindFilter.s_errIllegalLimit, MaximumLimit,
                                                    limit);
            s_helper.Check <StorageClientException>(offset < 0, Messages.FindFilter.s_errIllegalOffset);
            Limit  = limit;
            Offset = offset;
            return(this);
        }
예제 #10
0
        private Storage(StorageConfig config)
        {
            s_helper.Check <StorageClientException>(config == null, Messages.Storage.s_errNullConfig);
            _httpClient = new HttpClient();
            _httpClient.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue(VersionInfo.ProductName,
                                                                                       VersionInfo.ProductVersion));
#pragma warning disable CA1062
            _httpClient.Timeout = new TimeSpan(0, 0, config.HttpTimeout);
#pragma warning restore CA1062
            ITokenClient tokenClient = null;
            if (!string.IsNullOrEmpty(config.ApiKey))
            {
                tokenClient = new ApiKeyTokenClient(config.ApiKey);
            }

            if (!(string.IsNullOrEmpty(config.ClientId) || string.IsNullOrEmpty(config.ClientSecret)))
            {
                tokenClient = new OAuthTokenClient(config.DefaultAuthEndpoint, config.AuthEndpoints,
                                                   config.EnvironmentId, config.ClientId, config.ClientSecret, _httpClient);
            }


            s_helper.Check <StorageClientException>(tokenClient == null, Messages.Storage.s_errNullCredentials);
            _cryptoProvider = config.CryptoProvider;
            if (config.CryptoProvider == null)
            {
                _cryptoProvider = new CryptoProvider();
            }

            _cryptoProvider.ValidateCustomCiphers(config.SecretKeyAccessor?.Invoke());
            _hashUtils   = new HashUtils(config.EnvironmentId, config.NormalizeKeys, Encoding.UTF8);
            _transformer = new DtoTransformer(_cryptoProvider, _hashUtils, config.HashSearchKeys,
                                              config.SecretKeyAccessor);
            _dao = HttpDao.NewDao(config.EnvironmentId, tokenClient, _httpClient, config.EndPoint, config.EndpointMask,
                                  config.CountriesEndPoint);
        }
예제 #11
0
        private static void Validate(IReadOnlyCollection <string> values)
        {
            var invalidFilter = values == null || values.Count == 0 || values.Contains(null);

            s_helper.Check <StorageClientException>(invalidFilter, Messages.StringFilter.s_errNullStringFilter);
        }