/* Scenario:
 *
 * Health Information System application with 3 roles and 2 users.
 *
 * Roles (Business Cases):
 * - "Doctor Only" -> Only Dr. Linda McDonald can see this information
 * - "Restricted"  -> Only the doctor and nurse(s) can see this information
 * - "Office"      -> Office staff can see this information
 *
 * It is assumed that patient names are not sensitive information.
 * NOTE(review): that assumption belongs to this demo only — under most
 * health-data regimes a patient's name is itself protected information, so
 * do not carry it over into a real deployment.
 */

/// <summary>
/// WPF application entry point. When the first command-line argument is
/// <c>/generate</c>, it creates one key per role, writes a per-user keyring
/// file for each of the two users and exits. Otherwise it shows the record
/// list dialog and exits once that dialog is closed.
/// </summary>
/// <param name="e">Startup arguments; only <c>e.Args[0]</c> is inspected.</param>
/// <remarks>
/// Both keyring files are created in the process's current directory with
/// default file permissions. NOTE(review): whether <c>Keyring.ExportToStream</c>
/// protects the exported key material at rest is not visible here — confirm it,
/// and restrict each file's ACL to the user it is meant for. The "Restricted"
/// and "Office" keys are plain TripleDES keys (a legacy algorithm; prefer AES
/// for new material); the "Doctor Only" key is built from
/// <c>AesEncryptionKey.Create</c> over a TripleDES key and wrapped in an
/// <c>AntiPrintScreenKey</c> — the exact semantics of that layering are defined
/// elsewhere.
/// </remarks>
protected override void OnStartup(StartupEventArgs e)
{
    base.OnStartup(e);

    if (e.Args.FirstOrDefault() != "/generate")
    {
        // Normal run: show the UI and exit when the modal dialog is dismissed.
        new RecordList().ShowDialog();
        this.Shutdown();
        return;
    }

    // /generate: one key per role, gathered into a single master keyring.
    var doctorOnlyKey = new AntiPrintScreenKey(
        EncryptionKey.KeyAppliesTo.Both,
        AesEncryptionKey.Create(TripleDesEncryptionKey.Create()));
    var restrictedKey = TripleDesEncryptionKey.Create();
    var officeKey = TripleDesEncryptionKey.Create();

    var masterKeyring = new Keyring();
    masterKeyring.Add("Doctor Only", doctorOnlyKey);
    masterKeyring.Add("Restricted", restrictedKey);
    masterKeyring.Add("Office", officeKey);

    // John receives only the two less-sensitive keys (presumably the nurse/office user).
    using (var johnStream = new FileStream("jthomas.keyring", FileMode.Create))
    {
        masterKeyring.ExportToStream(johnStream, "Restricted", "Office");
    }

    // Linda, the doctor, receives the complete keyring.
    using (var lindaStream = new FileStream("lmcdonald.keyring", FileMode.Create))
    {
        masterKeyring.ExportToStream(lindaStream);
    }

    this.Shutdown();
}
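/// <summary>
/// Uploads every key in <paramref name="keyring"/> to Azure Key Vault as a secret and
/// then deletes any previously uploaded key of the same keyring that is no longer
/// present locally, so the remote copy mirrors the local one.
/// </summary>
/// <param name="authCallback">Callback, arguments are 'authority', 'resource', 'scope', returns 'accessToken'</param>
/// <param name="vault">Key Vault to upload to; passed straight through to the client's secret calls</param>
/// <param name="keyring">Keyring to upload</param>
/// <param name="keyringName">Name of the keyring when stored in Key Vault</param>
/// <exception cref="ArgumentNullException"><paramref name="authCallback"/> or <paramref name="keyring"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="vault"/> is null or empty.</exception>
/// <remarks>
/// Each key is serialised with <c>Keyring.ExportToStream</c> and stored base64-encoded
/// under the secret name <c>{KeyringPrefix}.{keyringName}.{keyName}</c>.
/// NOTE(review): the key name is embedded in the secret name without validation. If
/// <c>client</c> talks to Key Vault directly, secret names are restricted to
/// <c>[0-9a-zA-Z-]</c>, so a key name such as "Doctor Only" (and the '.' separator
/// itself) would be rejected by the service, and a key name containing the separator
/// could collide with another keyring's secrets — validate or encode key names before
/// upload. The exported key bytes are cleared after use, but the base64 string handed
/// to the client still holds the material until it is collected.
/// </remarks>
public static async Task Export(Func<string, string, string, string> authCallback, string vault, Keyring keyring, string keyringName = "Keyring")
{
    if (authCallback == null)
    {
        throw new ArgumentNullException(nameof(authCallback));
    }
    if (keyring == null)
    {
        throw new ArgumentNullException(nameof(keyring));
    }
    if (string.IsNullOrEmpty(vault))
    {
        throw new ArgumentException("A vault must be specified.", nameof(vault));
    }

    var client = await GetClient(authCallback);
    var secretPrefix = $"{KeyringPrefix}.{keyringName}.";

    // Full secret names written in this call; anything remote outside this set is stale.
    var uploaded = new HashSet<string>(StringComparer.Ordinal);

    foreach (var key in keyring)
    {
        var keyName = key.Name; // TODO: validate/sanitize — see remarks
        var secretName = secretPrefix + keyName;

        byte[] exported;
        using (var ms = new MemoryStream())
        {
            keyring.ExportToStream(ms, key);
            exported = ms.ToArray();
        }

        try
        {
            await client.SetSecretAsync(vault, secretName, Convert.ToBase64String(exported));
        }
        finally
        {
            // Don't leave the raw exported key material in managed memory longer than needed.
            Array.Clear(exported, 0, exported.Length);
        }

        uploaded.Add(secretName);
    }

    // Remove remote keys that are NOT in the local keyring. The previous predicate was
    // inverted (it selected the remote entries whose name IS in the local keyring, i.e.
    // the secrets just written above), which would have deleted the fresh upload.
    var remoteKeyring = await GenerateKeyring(client, vault, secretPrefix);
    var deleteTasks = new List<Task>();
    foreach (var remote in remoteKeyring)
    {
        // GenerateKeyring may report bare key names or full secret names (not visible
        // here); normalise to the full secret name so both the comparison and the
        // delete call use what Key Vault actually stores.
        var remoteSecretName = remote.Name.StartsWith(secretPrefix, StringComparison.Ordinal)
            ? remote.Name
            : secretPrefix + remote.Name;

        if (!uploaded.Contains(remoteSecretName))
        {
            deleteTasks.Add(client.DeleteSecretAsync(vault, remoteSecretName));
        }
    }
    await Task.WhenAll(deleteTasks);
}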