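        /// <summary>
        /// The action performed after receiving a message from Service Bus. This method will load the KeyVault key and decrypt messages.
        /// </summary>
        /// <remarks>
        /// A message that does not carry both the initialization-vector and the key-name properties is returned untouched.
        /// NOTE(review): the secret name used for decryption is read from the message's own user properties, so whatever
        /// secret name the sender put there is looked up in Key Vault — confirm this is intended, or restrict it to the
        /// secret configured on this instance. No integrity check is visible in this method; confirm that
        /// <see cref="KeyVaultPlugin.Decrypt"/> authenticates the ciphertext before trusting the decrypted body.
        /// </remarks>
        /// <param name="message">The <see cref="Message"/> to be decrypted.</param>
        /// <returns>The decrypted <see cref="Message"/>.</returns>
        /// <exception cref="KeyVaultPluginException">
        /// Thrown when the encryption headers are malformed or decryption fails; the underlying exception is the inner exception.
        /// </exception>
        public override async Task<Message> AfterMessageReceive(Message message)
        {
            try
            {
                var properties = message.UserProperties;

                object ivValue;
                object keyNameValue;

                // Only messages carrying both headers are treated as encrypted.
                if (!properties.TryGetValue(KeyVaultMessageHeaders.InitializationVectorPropertyName, out ivValue) ||
                    !properties.TryGetValue(KeyVaultMessageHeaders.KeyNamePropertyName, out keyNameValue))
                {
                    return message;
                }

                // Validate the header values up front so a malformed message fails with a clear message
                // instead of a null being passed into Convert.FromBase64String or the secret manager.
                var ivString = ivValue as string;
                if (string.IsNullOrEmpty(ivString))
                {
                    throw new InvalidOperationException(
                        $"The '{KeyVaultMessageHeaders.InitializationVectorPropertyName}' property must be a non-empty string.");
                }

                var secretName = keyNameValue as string;
                if (string.IsNullOrEmpty(secretName))
                {
                    throw new InvalidOperationException(
                        $"The '{KeyVaultMessageHeaders.KeyNamePropertyName}' property must be a non-empty string.");
                }

                var iV = Convert.FromBase64String(ivString);

                var secret = await secretManager.GetHashedSecret(secretName);

                var decryptedMessage = await KeyVaultPlugin.Decrypt(message.Body, secret, iV);

                // Strip the headers only once decryption succeeded, so a failed attempt leaves the message as received.
                properties.Remove(KeyVaultMessageHeaders.InitializationVectorPropertyName);
                properties.Remove(KeyVaultMessageHeaders.KeyNamePropertyName);

                message.Body = decryptedMessage;
                return message;
            }
            catch (Exception ex)
            {
                throw new KeyVaultPluginException(Resources.AfterMessageReceiveException, ex);
            }
        }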
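        /// <summary>
        /// The action performed before sending a message to Service Bus. This method will load the KeyVault key and encrypt messages.
        /// </summary>
        /// <remarks>
        /// A fresh initialization vector is generated for every message and transported in the message's user properties,
        /// which is where <see cref="AfterMessageReceive"/> reads it back from. The IV created in the constructor is
        /// deliberately not used here: the cipher mode is not visible in this method, but reusing one IV for every
        /// message is unsafe in all common modes.
        /// </remarks>
        /// <param name="message">The <see cref="Message"/> to be encrypted.</param>
        /// <returns>The encrypted <see cref="Message"/>.</returns>
        /// <exception cref="KeyVaultPluginException">
        /// Thrown when the secret cannot be loaded or encryption fails; the underlying exception is the inner exception.
        /// </exception>
        public override async Task<Message> BeforeMessageSend(Message message)
        {
            try
            {
                var properties = message.UserProperties;

                // Skip encryption if message properties are already set
                if (properties.ContainsKey(KeyVaultMessageHeaders.InitializationVectorPropertyName) ||
                    properties.ContainsKey(KeyVaultMessageHeaders.KeyNamePropertyName) ||
                    properties.ContainsKey(KeyVaultMessageHeaders.KeyVersionPropertyName))
                {
                    return message;
                }

                var secret = await secretManager.GetHashedSecret(secretName, secretVersion);

                // One IV per message; never the shared instance-level IV.
                var messageIv = KeyVaultPlugin.GenerateInitializationVector();

                message.Body = await KeyVaultPlugin.Encrypt(message.Body, secret, messageIv);

                // Add the headers only once encryption succeeded, so a failed attempt leaves the message as given.
                properties.Add(KeyVaultMessageHeaders.InitializationVectorPropertyName, Convert.ToBase64String(messageIv));
                properties.Add(KeyVaultMessageHeaders.KeyNamePropertyName, secretName);
                properties.Add(KeyVaultMessageHeaders.KeyVersionPropertyName, secretVersion);

                return message;
            }
            catch (Exception ex)
            {
                throw new KeyVaultPluginException(Resources.BeforeMessageSendException, ex);
            }
        }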
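 /// <summary>
 /// Creates a new instance of a <see cref="KeyVaultPlugin"/> backed by a caller-supplied <see cref="ISecretManager"/>.
 /// </summary>
 /// <param name="encryptionSecretName">The name of the secret used to encrypt / decrypt messages.</param>
 /// <param name="secretManager">The <see cref="ISecretManager"/> that resolves the secret.</param>
 /// <exception cref="ArgumentNullException">
 /// Thrown when <paramref name="encryptionSecretName"/> is null or empty, or <paramref name="secretManager"/> is null.
 /// </exception>
 internal KeyVaultPlugin(string encryptionSecretName, ISecretManager secretManager)
 {
     // Same argument checks as the public constructor, so both paths reject unusable input at construction time.
     if (string.IsNullOrEmpty(encryptionSecretName))
     {
         throw new ArgumentNullException(nameof(encryptionSecretName));
     }
     if (secretManager == null)
     {
         throw new ArgumentNullException(nameof(secretManager));
     }

     this.secretName                 = encryptionSecretName;
     this.secretManager              = secretManager;
     this.initializationVector       = KeyVaultPlugin.GenerateInitializationVector();
     this.base64InitializationVector = Convert.ToBase64String(this.initializationVector);
 }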
        /// <summary>
        /// Creates a new instance of an <see cref="KeyVaultPlugin"/> that talks to Key Vault through a
        /// <see cref="KeyVaultSecretManager"/> built from <paramref name="options"/>.
        /// </summary>
        /// <param name="encryptionSecretName">The name of the secret used to encrypt / decrypt messages.</param>
        /// <param name="options">The <see cref="KeyVaultPluginSettings"/> used to create a new instance.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="encryptionSecretName"/> is null or empty, or <paramref name="options"/> is null.
        /// </exception>
        public KeyVaultPlugin(string encryptionSecretName, KeyVaultPluginSettings options)
        {
            // Guard clauses: the secret name is checked first, then the settings object.
            if (string.IsNullOrEmpty(encryptionSecretName))
            {
                throw new ArgumentNullException(nameof(encryptionSecretName));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            var endpoint = options.Endpoint;

            // The client credentials are handed straight to the secret manager;
            // of the settings, only the endpoint is kept on this instance.
            var manager = new KeyVaultSecretManager(endpoint, options.ClientId, options.ClientSecret);

            var ivBytes = KeyVaultPlugin.GenerateInitializationVector();

            this.secretName                 = encryptionSecretName;
            this.keyVaultEndpoint           = endpoint;
            this.secretManager              = manager;
            this.initializationVector       = ivBytes;
            this.base64InitializationVector = Convert.ToBase64String(ivBytes);
        }