public string GetPassword(Credential request) { var encryptionKey = GetEncryptionKey(); string stringPassword = request.PasswordSecret; if (String.IsNullOrEmpty(stringPassword)) { return(""); } if (!CredentialsEncrypter.IsBase64(request.PasswordSecret))//if encryption is not in base64 { //encrypt existing password request.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt //generate hash request.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, request.HashSalt); //encrypt the provided password request.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey); _repo.Update(request); return(stringPassword); } return(CredentialsEncrypter.Decrypt(request.PasswordSecret, encryptionKey)); }
public Credential UpdateCredential(string id, Credential request) { Guid entityId = new Guid(id); var existingCredential = _repo.GetOne(entityId); if (existingCredential == null) { throw new EntityDoesNotExistException("Credential could not be found or does not exist"); } request.Id = entityId; CredentialNameAvailability(request); if (!ValidateStartAndEndDates(request)) { throw new InvalidOperationException(""); } existingCredential.StartDate = request.StartDate; existingCredential.EndDate = request.EndDate; existingCredential.Domain = request.Domain; existingCredential.UserName = request.UserName; existingCredential.Certificate = request.Certificate; if (!String.IsNullOrEmpty(request.PasswordSecret))//password is not null or empty, then set a new password { var encryptionKey = GetEncryptionKey(); if (CredentialsEncrypter.IsBase64(existingCredential.PasswordSecret))//if encryption is in base64 { existingCredential.PasswordSecret = CredentialsEncrypter.Decrypt(existingCredential.PasswordSecret, encryptionKey); } if (existingCredential.PasswordSecret != request.PasswordSecret) { //generate salt existingCredential.HashSalt = CredentialHasher.CreateSalt(32); //create 32 byte salt //generate hash existingCredential.PasswordHash = CredentialHasher.GenerateSaltedHash(request.PasswordSecret, existingCredential.HashSalt); //encrypt the provided password existingCredential.PasswordSecret = CredentialsEncrypter.Encrypt(request.PasswordSecret, encryptionKey); } } if (request.PasswordSecret == "")//if password is an empty string, then remove password fields { existingCredential.HashSalt = null; existingCredential.PasswordHash = null; existingCredential.PasswordSecret = null; } return(existingCredential); }