/// <summary>
/// Encrypts the specified plaintext expression
/// </summary>
/// <param name="thumbprint">The thumbprint of the certificate to use for encryption</param>
/// <param name="plaintext">The plaintext expression to encrypt</param>
/// <param name="Context">The certificate store where the encryption certificate resides</param>
/// <param name="verbose">True enables verbose logging</param>
/// <returns></returns>
/// <example>
/// <code>
/// string thumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// <see cref="X509Context"/> certStore = <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>;
/// string plaintext = @"Please encrypt this";
/// string ciphertext = <see cref="X509Utils"/>.EncryptText(thumbprint, plaintext, certStore);
/// </code>
/// </example>
public static string EncryptText(string thumbprint, string plaintext, X509Context Context, bool verbose = false)
{
using (X509CryptoAgent cryptoAgent = new X509CryptoAgent(FormatThumbprint(thumbprint), Context))
{
return(cryptoAgent.EncryptText(plaintext));
}
}
internal X509Secret(X509Alias Alias, string key, string value)
{
string cipherText;
try
{
Key = key;
using (X509CryptoAgent Agent = new X509CryptoAgent(Alias))
{
cipherText = Agent.EncryptText(value);
}
Value = cipherText;
}
catch (Exception ex)
{
throw new X509CryptoException($"Could not encrypt new secret named \"{key}\" in alias \"{Alias.Name}\"", ex);
}
}
/// <summary>
/// Re-encrypts a ciphertext expression using a different certificate
/// </summary>
/// <param name="oldThumbprint">The thumbprint of the old certificate used for prior encryption</param>
/// <param name="newThumbprint">The thumbprint of the new certificate to be used for re-encryption</param>
/// <param name="ciphertext">The ciphertext expression to be re-encrypted</param>
/// <param name="OldContext">(Optional) The X509Context where the old encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param>
/// <param name="NewContext">(Optional) The X509Context where the new encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param>
/// <param name="verbose">(Optional) True enables verbose logging (Default: false)</param>
/// <returns>The text expression re-encrypted using the new certificate</returns>
/// <example>
/// <code>
/// string oldThumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// string newThumbprint = @"0e7e327aab74e47a702c02d90c659da1115b29f7";
/// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt");
/// string updatedCiphertext = <see cref="X509Utils"/>.ReEncryptText(oldThumbprint, newThumbprint, ciphertext);
/// File.WriteAllText(@"C:\data\connectionString.txt", updatedCiphertext);
/// </code>
/// </example>
public static string ReEncryptText(string oldThumbprint, string newThumbprint, string ciphertext, X509Context OldContext = null, X509Context NewContext = null, bool verbose = false)
{
if (OldContext == null)
{
OldContext = X509Context.UserReadOnly;
}
if (NewContext == null)
{
NewContext = X509Context.UserReadOnly;
}
using (X509CryptoAgent oldAgent = new X509CryptoAgent(FormatThumbprint(oldThumbprint), OldContext))
{
using (X509CryptoAgent newAgent = new X509CryptoAgent(FormatThumbprint(newThumbprint), NewContext))
{
return(newAgent.EncryptText(oldAgent.DecryptText(ciphertext)));
}
}
}
/// <summary>
/// Re-encrypts the specified ciphertext expression using a different X509CryptoAgent
/// </summary>
/// <param name="ciphertext">the ciphertext expression to be re-encrypted</param>
/// <param name="newAgent">the X509CryptoAgent to be used to perform re-encryption</param>
/// <returns></returns>
public string ReEncryptText(string ciphertext, X509CryptoAgent newAgent)
{
return(newAgent.EncryptText(DecryptText(ciphertext)));
}
