static async Task Main(string[] args)
{
Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
CryptOptions cryptInfo = new CryptOptions();
cryptInfo.CryptCPpath = @"c:\Users\tsapov.m\Documents\work\35411\CryptoPro\cryptcp.win32.exe";
cryptInfo.EncryptCertificate = "413ddcd06e9c4aebe2c2ae5e76b077318639f855"; // THUMBPRINT сертификата для шифрования (сертификат партнера для шифрования TLS - без закрытого ключа)
cryptInfo.SignCertificate = "11734753f99fc664380c5413741c80f96d801589"; // THUMBPRINT сертификата для подписи (собственный сертификат для ЭЦП - с закрытым ключом)
cryptInfo.DecryptCertificate = "11734753f99fc664380c5413741c80f96d801589"; // THUMBPRINT сертификата для расшифровки (собственный сертификат с закрытым ключом - TLS сертификат)
cryptInfo.UnSignCertificate = "413ddcd06e9c4aebe2c2ae5e76b077318639f855"; // THUMBPRINT сертификата для проверки подписи (сертификат партнера - который прислал данные, без закрытого ключа)
/*
* string inputFilePath = @"c:\Users\tsapov.m\TEST\E1J_SC_1_20210407_0002.csv";
* await ExecuteSign(inputFilePath, cryptInfo);
*/
string inputFilePath = @"c:\Users\tsapov.m\TEST\outbox_E1J_SC_1_20210407_0002_out.zip.sgn.enc";
await ExecuteUnSign(inputFilePath, cryptInfo);
Console.WriteLine("Press any key to continue");
Console.ReadKey();
}
public void EncryptQueryWithSchemaStepwise()
{
var listCollectionsReply = ReadJsonTestFile("collection-info.json");
var schema = new BsonDocument("test.test", listCollectionsReply["options"]["validator"]["$jsonSchema"]);
var options = new CryptOptions(
new[] { CreateKmsCredentials("aws") },
BsonUtil.ToBytes(schema));
using (var cryptClient = CryptClientFactory.Create(options))
using (var context =
cryptClient.StartEncryptionContext(
db: "test",
command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json"))))
{
var(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
var mongoCryptdCommand = ReadJsonTestFile("mongocryptd-command.json");
mongoCryptdCommand["isRemoteSchema"] = false;
operationSent.Should().Equal(mongoCryptdCommand);
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS);
operationSent.Should().Equal(ReadJsonTestFile("key-filter.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);
// kms fluent assertions inside ProcessState()
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json")));
}
}
private static async Task ExecuteSign(string inputFilePath, CryptOptions cryptInfo, CancellationToken?token = null)
{
string logicalFilename = Path.GetFileName(inputFilePath);
byte[] inputData = await File.ReadAllBytesAsync(inputFilePath);
byte[] packedData = await TestCryptoProcessor.ExecuteOutput(inputData, cryptInfo, logicalFilename);
await File.WriteAllBytesAsync(@$ "c:\Users\tsapov.m\TEST\{Path.GetFileNameWithoutExtension(logicalFilename)}.zip.sgn.enc", packedData);
public BsonDocument DecryptCommand(IKmsCredentials credentials, IMongoDatabase db, BsonDocument doc)
{
CryptOptions options = new CryptOptions(credentials);
using (var cryptClient = CryptClientFactory.Create(options))
using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(doc)))
{
return(ProcessState(context, db, null));
}
}
public BsonDocument EncryptCommand(IKmsCredentials credentials, IMongoCollection <BsonDocument> coll, BsonDocument cmd)
{
CryptOptions options = new CryptOptions(credentials);
using (var cryptClient = CryptClientFactory.Create(options))
using (var context = cryptClient.StartEncryptionContext(coll.Database.DatabaseNamespace.DatabaseName, command: BsonUtil.ToBytes(cmd)))
{
return(ProcessState(context, coll.Database, cmd));
}
}
static int Crypt(CryptOptions o)
{
if (!File.Exists(o.PathIn))
{
Console.WriteLine("Input path doesn't exist.");
return(1);
}
SaveCrypt.CryptFile(o.PathIn, o.PathOut, o.SteamId);
return(0);
}
public void TestGetKmsProviderName(string kmsName)
{
var key = CreateKmsCredentials(kmsName);
var keyId = CreateKmsKeyId(kmsName);
var cryptOptions = new CryptOptions(new[] { key });
using (var cryptClient = CryptClientFactory.Create(cryptOptions))
using (var context = cryptClient.StartCreateDataKeyContext(keyId))
{
var request = context.GetKmsMessageRequests().Single();
request.KmsProvider.Should().Be(kmsName);
}
}
public void TestLocalKeyCreation()
{
var key = CreateKmsCredentials("local");
var keyId = CreateKmsKeyId("local");
var cryptOptions = new CryptOptions(new[] { key });
using (var cryptClient = CryptClientFactory.Create(cryptOptions))
using (var context =
cryptClient.StartCreateDataKeyContext(keyId))
{
var(_, dataKeyDocument) = ProcessContextToCompletion(context);
dataKeyDocument.Should().NotBeNull();
}
}
public Guid GenerateKey(IKmsCredentials credentials, IKmsKeyId kmsKeyId)
{
CryptOptions options = new CryptOptions(credentials);
BsonDocument key = null;
using (var cryptClient = CryptClientFactory.Create(options))
using (var context = cryptClient.StartCreateDataKeyContext(kmsKeyId))
{
key = ProcessState(context, _keyVault.Database, null);
}
_keyVault.InsertOne(key);
Guid g = key["_id"].AsGuid;
return(g);
}
public void TestLocalKeyCreationStepwise()
{
var key = CreateKmsCredentials("local");
var keyId = CreateKmsKeyId("local");
var cryptOptions = new CryptOptions(new[] { key });
using (var cryptClient = CryptClientFactory.Create(cryptOptions))
using (var context =
cryptClient.StartCreateDataKeyContext(keyId))
{
var(state, _, dataKeyDocument) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
dataKeyDocument.Should().NotBeNull();
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
}
}
public void TestLocalKeyCreationWithkeyAltNames()
{
var keyAltNames = new[] { "KeyMaker", "Architect" };
var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name));
var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes);
var key = CreateKmsCredentials("local");
var keyId = CreateKmsKeyId("local", keyAltNameBuffers: keyAltNameBuffers);
var cryptOptions = new CryptOptions(new[] { key });
using (var cryptClient = CryptClientFactory.Create(cryptOptions))
using (var context =
cryptClient.StartCreateDataKeyContext(keyId))
{
var(_, dataKeyDocument) = ProcessContextToCompletion(context);
dataKeyDocument.Should().NotBeNull();
var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString);
var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277?
actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames);
}
}
/// <summary>
/// Для обработки исходящего файла
/// </summary>
/// <param name="data">входящие нешифрованные данные</param>
/// <param name="zippedFileName">имя файла в архиве</param>
/// <returns></returns>
public static async Task <byte[]> ExecuteOutput(byte[] data, CryptOptions cryptInfo, string zippedFileName)
{
string tempFile = Path.GetTempFileName();
string workingDirectory = Path.GetDirectoryName(tempFile);
string fileName = Path.GetFileName(tempFile);
await File.WriteAllBytesAsync(tempFile, data);
var processor = GetCryptoProcessor(Direction.Output);
await using (CryptoContext context = new CryptoContext(cryptInfo, workingDirectory, fileName, Direction.Output, zippedFileName))
{
await processor.Execute(context);
// получаем результат последовательность (исходные байты -> zip.sgn.enc)
byte[] result = await File.ReadAllBytesAsync(Path.Combine(context.WorkDirectory, context.LastFileName));
return(result);
}
}
public void TestLocalKeyCreationWithkeyAltNamesStepwise()
{
var keyAltNames = new[] { "KeyMaker", "Architect" };
var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name));
var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes);
var key = new LocalKmsCredentials(new byte[96]);
var keyId = new LocalKeyId(keyAltNameBuffers);
var cryptOptions = new CryptOptions(CreateCredentialsMap(key));
using (var cryptClient = CryptClientFactory.Create(cryptOptions))
using (var context =
cryptClient.StartCreateDataKeyContext(keyId))
{
var(state, _, dataKeyDocument) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
dataKeyDocument.Should().NotBeNull();
var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString);
var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277?
actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames);
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
}
}
private static ExitCode RunCryptOptionsAndReturnExitCode(CryptOptions cryptOptions)
{
AesEncryptionResult aesEncryptionResult = null;
switch (cryptOptions.InputType.ToLower())
{
case "string":
{
aesEncryptionResult = (cryptOptions.Algorithm.ToLower()) switch
{
"aes128cbc" => new AE_AES_128_CBC_HMAC_SHA_256().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password),
"aes192cbc" => new AE_AES_192_CBC_HMAC_SHA_384().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password),
"aes256cbc" => new AE_AES_256_CBC_HMAC_SHA_512().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password),
"aes128gcm" => new AEAD_AES_128_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData),
"aes192gcm" => new AEAD_AES_192_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData),
"aes256gcm" => new AEAD_AES_256_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData),
_ => new AesEncryptionResult()
{
Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"."
},
};
}
break;
case "file":
{
switch (cryptOptions.Algorithm.ToLower())
{
case "aes128cbc":
{
using (var progressBar = new ProgressBar())
{
var aes128 = new AE_AES_128_CBC_HMAC_SHA_256();
aes128.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); };
aes128.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); };
aesEncryptionResult = aes128.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile);
}
}
break;
case "aes192cbc":
{
using (var progressBar = new ProgressBar())
{
var aes192 = new AE_AES_192_CBC_HMAC_SHA_384();
aes192.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); };
aes192.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); };
aesEncryptionResult = aes192.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile);
}
}
break;
case "aes256cbc":
{
using (var progressBar = new ProgressBar())
{
var aes256 = new AE_AES_256_CBC_HMAC_SHA_512();
aes256.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); };
aes256.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); };
aesEncryptionResult = aes256.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile);
}
}
break;
case "aes128gcm":
case "aes192gcm":
case "aes256gcm":
aesEncryptionResult = new AesEncryptionResult()
{
Success = false, Message = $"Algorithm \"{cryptOptions.Algorithm}\" currently not available for file encryption."
};
break;
default:
aesEncryptionResult = new AesEncryptionResult()
{
Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"."
};
break;
}
}
break;
default:
aesEncryptionResult = new AesEncryptionResult()
{
Success = false, Message = $"Unknown input type \"{cryptOptions.InputType}\"."
};
break;
}
if (aesEncryptionResult.Success)
{
Console.WriteLine(cryptOptions.InputType.ToLower().Equals("string")
? aesEncryptionResult.EncryptedDataBase64String
: aesEncryptionResult.Message);
return(ExitCode.Sucess);
}
else
{
Console.WriteLine(aesEncryptionResult.Message);
return(ExitCode.Error);
}
}
private CryptClient CreateCryptClient(CryptOptions options)
{
return(CryptClientFactory.Create(options));
}
/// <summary>
/// Для обработки входящего файла
/// </summary>
/// <param name="data">входящие zip.sgn.enc данные</param>
/// <returns>расшифрованные байты даннных и имя файла из архива</returns>
public static async Task <(byte[] result, string fileName)> ExecuteInput(byte[] data, CryptOptions cryptInfo)
{
string tempFile = Path.GetTempFileName();
string workingDirectory = Path.GetDirectoryName(tempFile);
string fileName = Path.GetFileName(tempFile);
await File.WriteAllBytesAsync(tempFile, data);
var processor = GetCryptoProcessor(Direction.Input);
await using (CryptoContext context = new CryptoContext(cryptInfo, workingDirectory, fileName, Direction.Input))
{
await processor.Execute(context);
string logicalFileName = context.LogicalFileName;
byte[] result = await File.ReadAllBytesAsync(Path.Combine(context.WorkDirectory, context.LastFileName));
return(result, logicalFileName);
}
}
