/// <summary>
/// Decrypts the connection string
/// </summary>
/// <param name="dbConnectSting"></param>
/// <returns></returns>
private static string DecryptDBConnStr(string dbConnectString)
{
CryptoManager crypto = new CryptoManager(CryptoType.Rijndael, CryptoKey, CryptoIV);
//decrypt the string
crypto.Decrypt(ref dbConnectString);
return(dbConnectString);
}
private static string HandleConnectionString(this ConnectionDetail connectionDetail, string connectionString)
{
var csb = new DbConnectionStringBuilder {
ConnectionString = connectionString
};
if (csb.ContainsKey("timeout"))
{
var csTimeout = TimeSpan.Parse(csb["timeout"].ToString());
csb.Remove("timeout");
CrmServiceClient.MaxConnectionTimeout = csTimeout;
}
connectionDetail.OriginalUrl = csb["Url"].ToString();
connectionDetail.UserName = csb.ContainsKey("username") ? csb["username"].ToString() :
csb.ContainsKey("clientid") ? csb["clientid"].ToString() : null;
if (csb.ContainsKey("Password"))
{
csb["Password"] = CryptoManager.Decrypt(csb["Password"].ToString(), ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
}
if (csb.ContainsKey("ClientSecret"))
{
csb["ClientSecret"] = CryptoManager.Decrypt(csb["ClientSecret"].ToString(), ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
}
var cs = csb.ToString();
if (cs.IndexOf("RequireNewInstance=", StringComparison.Ordinal) < 0)
{
if (!cs.EndsWith(";"))
{
cs += ";";
}
cs += "RequireNewInstance=True;";
}
return(cs);
}
private AuthenticationResult GetAccessTokenFromAzureAD(Uri orgUrl)
{
var clientSecret = CryptoManager.Decrypt(_connection.S2SClientSecret, ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
var credentials = new ClientCredential(_connection.AzureAdAppId.ToString(), clientSecret);
var parameters = AuthenticationParameters.CreateFromResourceUrlAsync(orgUrl).Result;
var context = new AuthenticationContext(parameters.Authority);
var result = context.AcquireToken(parameters.Resource, credentials);
return(result);
}
private Token GetAccessTokenFromAzureAD(Uri orgUrl)
{
var secret = CryptoManager.Decrypt(_connection.S2SClientSecret, ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
var resource = new Uri(orgUrl, "/");
var url = "https://login.microsoftonline.com/common/oauth2/token";
var data = new Dictionary <string, string>
{
["client_id"] = _connection.AzureAdAppId.ToString(),
["client_secret"] = secret,
["resource"] = resource.ToString(),
["grant_type"] = "refresh_token",
["refresh_token"] = _connection.RefreshToken,
["redirect_uri"] = _connection.ReplyUrl
};
var req = WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
using (var reqStream = req.GetRequestStream())
using (var writer = new StreamWriter(reqStream))
{
writer.Write(String.Join("&", data.Select(kvp => $"{HttpUtility.UrlEncode(kvp.Key)}={HttpUtility.UrlEncode(kvp.Value)}")));
}
using (var resp = req.GetResponse())
using (var respStream = resp.GetResponseStream())
using (var reader = new StreamReader(respStream))
{
var json = reader.ReadToEnd();
var token = JsonConvert.DeserializeObject <Token>(json);
if (!String.IsNullOrEmpty(token.refresh_token))
{
_connection.RefreshToken = token.refresh_token;
}
return(token);
}
}
private static void ConnectOnline(this ConnectionDetail connectionDetail)
{
connectionDetail.AuthType = (CrmWebResourcesUpdater.DataModels.AuthenticationProviderType)(int) AuthenticationProviderType.OnlineFederation;
if (string.IsNullOrEmpty(connectionDetail.GetUserPassword()))
{
throw new Exception("Unable to read user password");
}
var password = CryptoManager.Decrypt(connectionDetail.GetUserPassword(), ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
Utilities.GetOrgnameAndOnlineRegionFromServiceUri(new Uri(connectionDetail.OriginalUrl), out var region, out var orgName, out _);
//if (UseMfa)
//{
var path = Path.Combine(Path.GetTempPath(), connectionDetail.ConnectionId.Value.ToString("B"), "oauth-cache.txt");
crmSvc = new CrmServiceClient(connectionDetail.UserName, CrmServiceClient.MakeSecureString(password),
region,
orgName,
true,
null,
null,
connectionDetail.AzureAdAppId != Guid.Empty ? connectionDetail.AzureAdAppId.ToString() : "51f81489-12ee-4a9e-aaae-a2591f45987d",
new Uri(connectionDetail.ReplyUrl ?? "app://58145B91-0C36-4500-8554-080854F2AC97"),
path,
null);
//}
//else
//{
// crmSvc = new CrmServiceClient(UserName, CrmServiceClient.MakeSecureString(password),
// region,
// orgName,
// true,
// true,
// null,
// true);
//}
}
private static void ConnectOAuth(this ConnectionDetail connectionDetail)
{
if (!string.IsNullOrEmpty(connectionDetail.RefreshToken))
{
CrmServiceClient.AuthOverrideHook = new RefreshTokenAuthOverride(connectionDetail);
crmSvc = new CrmServiceClient(new Uri($"https://{connectionDetail.ServerName}:{connectionDetail.ServerPort}"), true);
CrmServiceClient.AuthOverrideHook = null;
}
else
{
var secret = CryptoManager.Decrypt(connectionDetail.GetClientSecret(), ConnectionManager.CryptoPassPhrase,
ConnectionManager.CryptoSaltValue,
ConnectionManager.CryptoHashAlgorythm,
ConnectionManager.CryptoPasswordIterations,
ConnectionManager.CryptoInitVector,
ConnectionManager.CryptoKeySize);
var path = Path.Combine(Path.GetTempPath(), connectionDetail.ConnectionId.Value.ToString("B"), "oauth-cache.txt");
crmSvc = new CrmServiceClient(new Uri($"https://{connectionDetail.ServerName}:{connectionDetail.ServerPort}"), connectionDetail.AzureAdAppId.ToString(), CrmServiceClient.MakeSecureString(secret), true, path);
}
}
public string ClearCache(string username, string password, string keys)
{
string result = string.Empty;
try
{
if (this.CheckPermission(username, password, out result))
{
keys = HttpUtility.UrlDecode(keys);
if (!string.IsNullOrEmpty(keys))
{
string decryptedKeys = CryptoManager.Decrypt(keys);
if (!decryptedKeys.Equals(keys))
{
string[] Caches = decryptedKeys.Split(';');
for (int i = 0; i <= Caches.Length - 1; i++)
{
CacheManager.Remove(Caches[i]);
}
result = "Answer: Caches Cleared";
}
else
{
result = "Error: Keys Encryption Error";
}
}
else
{
result = "Error: Missing Parameter";
}
}
}
catch (Exception exc)
{
result = "Error: " + exc.Message;
}
return(result);
}
static HttpResponse RequestHandler(HttpRequest req)
{
DateTime startTime = DateTime.Now;
HttpResponse resp = null;
bool connAdded = false;
try
{
#region Unauthenticated-APIs
switch (req.Method)
{
case HttpMethod.GET:
if (WatsonCommon.UrlEqual(req.RawUrlWithoutQuery, "/loopback", false))
{
resp = new HttpResponse(req, true, 200, null, "application/json", "Hello from CryptoServer!", false);
return(resp);
}
break;
case HttpMethod.PUT:
case HttpMethod.POST:
case HttpMethod.DELETE:
default:
break;
}
#endregion
#region Add-to-Connection-List
_Connections.Add(Thread.CurrentThread.ManagedThreadId, req);
connAdded = true;
#endregion
#region APIs
if (!String.IsNullOrEmpty(req.RetrieveHeaderValue(_Settings.Auth.ApiKeyHeader)))
{
if (req.RetrieveHeaderValue(_Settings.Auth.ApiKeyHeader).Equals(_Settings.Auth.AdminApiKey))
{
#region Admin-API-Key
_Logging.Log(LoggingModule.Severity.Info, "RequestHandler use of admin API key detected for: " + req.RawUrlWithoutQuery);
switch (req.Method)
{
case HttpMethod.GET:
if (WatsonCommon.UrlEqual(req.RawUrlWithoutQuery, "/_cryptoserver/connections", false))
{
resp = new HttpResponse(req, true, 200, null, "application/json", _Connections.GetActiveConnections(), false);
return(resp);
}
if (WatsonCommon.UrlEqual(req.RawUrlWithoutQuery, "/_cryptoserver/config", false))
{
resp = new HttpResponse(req, true, 200, null, "application/json", _Settings, false);
return(resp);
}
break;
case HttpMethod.PUT:
case HttpMethod.POST:
case HttpMethod.DELETE:
default:
break;
}
_Logging.Log(LoggingModule.Severity.Warn, "RequestHandler unknown admin API endpoint: " + req.RawUrlWithoutQuery);
resp = new HttpResponse(req, false, 400, null, "application/json", "Unknown API endpoint or verb", false);
return(resp);
#endregion
}
else if (req.RetrieveHeaderValue(_Settings.Auth.ApiKeyHeader).Equals(_Settings.Auth.CryptoApiKey))
{
#region Crypto-API-Key
string failureReason;
byte[] responseData;
Obj responseObj;
switch (req.Method)
{
case HttpMethod.POST:
if (WatsonCommon.UrlEqual(req.RawUrlWithoutQuery, "/decrypt", false))
{
Obj reqObj = Common.DeserializeJson <Obj>(req.Data);
if (!_Crypto.Decrypt(reqObj, out responseData, out failureReason))
{
_Logging.Log(LoggingModule.Severity.Warn, "RequestHandler unable to decrypt: " + failureReason);
resp = new HttpResponse(req, false, 500, null, "application/json", failureReason, false);
return(resp);
}
else
{
_Logging.Log(LoggingModule.Severity.Debug, "RequestHandler encrypt returning " + responseData.Length + " bytes");
resp = new HttpResponse(req, true, 200, null, "application/octet-stream", responseData, true);
return(resp);
}
}
if (WatsonCommon.UrlEqual(req.RawUrlWithoutQuery, "/encrypt", false))
{
if (!_Crypto.Encrypt(req.Data, out responseObj, out failureReason))
{
_Logging.Log(LoggingModule.Severity.Warn, "RequestHandler unable to encrypt: " + failureReason);
resp = new HttpResponse(req, false, 500, null, "application/json", failureReason, false);
return(resp);
}
else
{
resp = new HttpResponse(req, true, 200, null, "application/json", Common.SerializeJson(responseObj), true);
return(resp);
}
}
break;
case HttpMethod.GET:
case HttpMethod.PUT:
case HttpMethod.DELETE:
default:
break;
}
_Logging.Log(LoggingModule.Severity.Warn, "RequestHandler unknown crypto API endpoint: " + req.RawUrlWithoutQuery);
resp = new HttpResponse(req, false, 400, null, "application/json", "Unknown API endpoint or verb", false);
return(resp);
#endregion
}
else
{
#region Invalid-Auth-Material
_Logging.Log(LoggingModule.Severity.Warn, "RequestHandler invalid API key supplied: " + req.RetrieveHeaderValue(_Settings.Auth.ApiKeyHeader));
resp = new HttpResponse(req, false, 401, null, "application/json", "Invalid API key", false);
return(resp);
#endregion
}
}
resp = new HttpResponse(req, false, 401, null, "application/json", "No authentication material", false);
return(resp);
#endregion
}
catch (Exception e)
{
_Logging.LogException("CryptoServer", "RequestHandler", e);
resp = new HttpResponse(req, false, 500, null, "application/json", "Internal server error", false);
return(resp);
}
finally
{
if (resp != null)
{
string message = "RequestHandler " + req.SourceIp + ":" + req.SourcePort + " " + req.Method + " " + req.RawUrlWithoutQuery;
message += " " + resp.StatusCode + " " + Common.TotalMsFrom(startTime) + "ms";
_Logging.Log(LoggingModule.Severity.Debug, message);
}
if (connAdded)
{
_Connections.Close(Thread.CurrentThread.ManagedThreadId);
}
}
}
public static string GetString(string key, bool isEncrypt)
{
string encryptedText = string.Empty;
try
{
System.Configuration.Configuration config = Config;
CryptoManager cryptoManager = new CryptoManager();
if (ContainsKey(config, key))
{
encryptedText = config.AppSettings.Settings[key].Value;
}
if (isEncrypt)
{
encryptedText = cryptoManager.Decrypt(encryptedText);
}
}
catch (Exception ex)
{
encryptedText = string.Empty;
string exMsg = ex.ToString();
}
return encryptedText;
}
public void Deserialize([NotNull] XmlDocument xmlDocument, [CanBeNull] string encryptionKey)
{
Assert.ArgumentNotNull(xmlDocument, "xmlDocument");
XmlElement rootNode = xmlDocument.DocumentElement;
Assert.AreEqual(rootNode.Name, RootNodeName, TheTargetXmlDocumentHasIncorrectFormat);
XmlNode node = rootNode.SelectSingleNode(ServerNodeName);
Assert.IsNotNull(node, string.Format(Text0NodeIsRequired, "Server"));
Assert.IsNotNullOrEmpty(node.InnerXml, string.Format(Text0ValueIsRequired, "Server"));
this.Server = node.InnerXml;
node = rootNode.SelectSingleNode(ListNodeName);
Assert.IsNotNull(node, string.Format(Text0NodeIsRequired, "List"));
Assert.IsNotNullOrEmpty(node.InnerXml, string.Format(Text0ValueIsRequired, "List"));
this.List = node.InnerXml;
node = rootNode.SelectSingleNode(TemplateIDNodeName);
Assert.IsNotNull(node, string.Format(Text0NodeIsRequired, "TemplateID"));
Assert.IsNotNullOrEmpty(node.InnerXml, string.Format(Text0ValueIsRequired, "TemplateID"));
this.TemplateID = node.InnerXml;
string password = null;
node = rootNode.SelectSingleNode(PasswordNodeName);
if (node != null && !string.IsNullOrEmpty(node.InnerXml))
{
Assert.IsNotNullOrEmpty(encryptionKey, "Integration Config Data that contains credentials could not be deserialized without encryption key.");
password = CryptoManager.Decrypt(node.InnerXml, encryptionKey);
}
string userName = null;
node = rootNode.SelectSingleNode(UserNameNodeName);
if (node != null && !string.IsNullOrEmpty(node.InnerXml))
{
userName = node.InnerXml;
}
this.SetCredentials(userName, password);
node = rootNode.SelectSingleNode(WebNodeName);
if (node != null && !string.IsNullOrEmpty(node.InnerXml))
{
this.Web = node.InnerXml;
}
else
{
this.Web = string.Empty;
}
node = rootNode.SelectSingleNode(FolderNodeName);
if (node != null && !string.IsNullOrEmpty(node.InnerXml))
{
this.Folder = node.InnerXml;
}
else
{
this.Folder = string.Empty;
}
node = rootNode.SelectSingleNode(ViewNodeName);
if (node != null && !string.IsNullOrEmpty(node.InnerXml))
{
this.View = node.InnerXml;
}
else
{
this.View = string.Empty;
}
node = rootNode.SelectSingleNode(ItemLimitNodeName);
uint itemLimit;
if (node != null && uint.TryParse(node.InnerXml, out itemLimit))
{
this.ItemLimit = itemLimit;
}
else
{
this.ItemLimit = 0;
}
node = rootNode.SelectSingleNode(ExpirationIntervalNodeName);
ulong expirationInterval;
if (node != null && ulong.TryParse(node.InnerXml, out expirationInterval))
{
this.ExpirationInterval = expirationInterval;
}
else
{
this.ExpirationInterval = 0;
}
this.FieldMappings = new List <FieldMapping>();
XmlNode fieldMappingsNode = rootNode.SelectSingleNode(FieldMappingsNodeName);
if (fieldMappingsNode != null)
{
foreach (XmlNode fieldMappingNode in fieldMappingsNode.ChildNodes)
{
this.FieldMappings.Add(new FieldMapping(fieldMappingNode));
}
}
node = rootNode.SelectSingleNode(ConnectionConfigurationNodeName);
this.ConnectionConfiguration = node != null ? node.InnerXml : null;
}
public static string Decrypt(this string richText, string decryptionKey = "")
{
return(CryptoManager.Decrypt(richText, decryptionKey));
}
