private OfficeDocumentResponse GetOfficeDocument(string sidDocumentIdValue, string identityToken)
{
var documentManagementFactory = new DocumentManagementFactory();
var officeDocumentStore = OfficeDocumentStore.Instance();
var umaResourceId = officeDocumentStore.GetUmaResourceId(sidDocumentIdValue).Result;
if (string.IsNullOrWhiteSpace(umaResourceId))
{
return(null);
}
var grantedToken = officeDocumentStore.GetOfficeDocumentAccessTokenViaUmaGrantType(umaResourceId).Result;
if (grantedToken == null)
{
return(null);
}
var getOfficeDocumentResponse = documentManagementFactory.GetOfficeDocumentClient().GetResolve(sidDocumentIdValue, Constants.DocumentApiConfiguration, grantedToken.AccessToken).Result;
if (getOfficeDocumentResponse.ContainsError)
{
return(null);
}
return(getOfficeDocumentResponse.OfficeDocument);
}
private string DecryptOfficeDocument(string sidDocumentIdValue, string identityToken, string content)
{
var splittedContent = content.Split('.');
if (splittedContent.Length != 3)
{
return(null);
}
var encryptionHelper = new EncryptionHelper();
var kid = splittedContent[0];
var credentials = splittedContent[1];
var encryptedContent = splittedContent[2];
var officeDocumentStore = OfficeDocumentStore.Instance();
var decryptionResponse = officeDocumentStore.RestoreDecryption(sidDocumentIdValue);
if (decryptionResponse != null)
{
try
{
var result = encryptionHelper.Decrypt(encryptedContent, decryptionResponse);
return(result);
}
catch (Exception) { }
}
var identityServerClientFactory = new IdentityServerClientFactory();
var identityServerUmaClientFactory = new IdentityServerUmaClientFactory();
var documentManagementFactory = new DocumentManagementFactory();
var umaResourceId = officeDocumentStore.GetUmaResourceId(sidDocumentIdValue).Result;
if (string.IsNullOrWhiteSpace(umaResourceId))
{
return(null);
}
var grantedToken = officeDocumentStore.GetOfficeDocumentAccessTokenViaUmaGrantType(umaResourceId).Result;
if (grantedToken == null)
{
return(null);
}
var decryptedResult = documentManagementFactory.GetOfficeDocumentClient().DecryptResolve(new DecryptDocumentRequest
{
DocumentId = sidDocumentIdValue,
Credentials = credentials,
Kid = kid
}, Constants.DocumentApiConfiguration, grantedToken.AccessToken).Result;
if (decryptedResult.ContainsError)
{
return(null);
}
return(encryptionHelper.Decrypt(encryptedContent, decryptedResult.Content));
}
private OfficeDocumentStore()
{
_identityServerUmaClientFactory = new IdentityServerUmaClientFactory();
_identityServerClientFactory = new IdentityServerClientFactory();
_documentManagementFactory = new DocumentManagementFactory();
_accessTokenStore = AccessTokenStore.Instance();
_authenticationStore = AuthenticationStore.Instance();
_tokens = new List <StoredUmaAccessToken>();
_documents = new List <StoredOfficeDocument>();
}
public ProtectUserController(Window window)
{
_window = window;
_documentManagementFactory = new DocumentManagementFactory();
_identityServerUmaClientFactory = new IdentityServerUmaClientFactory();
_identityServerClientFactory = new IdentityServerClientFactory();
_authenticationStore = AuthenticationStore.Instance();
_officeDocumentStore = OfficeDocumentStore.Instance();
ViewModel = new ProtectUserViewModel();
Init();
ViewModel.DocumentProtected += HandleProtectDocument;
ViewModel.SharedLinkAdded += HandleAddSharedLink;
ViewModel.SelectedSharedLinkRemoved += HandleRemoveSharedLink;
}
public async Task <EncryptedDocument> Encrypt(Document document, string documentId)
{
var range = document.Range();
var xml = range.XML;
var salt = Guid.NewGuid().ToString();
var password = Guid.NewGuid().ToString();
var saltBytes = Encoding.UTF8.GetBytes(salt);
var passwordBytes = Encoding.UTF8.GetBytes(password);
var xmlPayload = Encoding.UTF8.GetBytes(xml);
// Encrypt document with sym key.
var encryptedPayloadBase64 = string.Empty;
using (MemoryStream ms = new MemoryStream())
{
using (var AES = new RijndaelManaged())
{
AES.KeySize = 256;
AES.BlockSize = 128;
var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
AES.Key = key.GetBytes(AES.KeySize / 8);
AES.IV = key.GetBytes(AES.BlockSize / 8);
AES.Mode = CipherMode.CBC;
using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(xmlPayload, 0, xmlPayload.Length);
cs.Close();
}
var encryptedPayload = ms.ToArray();
encryptedPayloadBase64 = Convert.ToBase64String(encryptedPayload);
}
}
// Encrypt the credentials with asym key.
var docMgClientFactory = new DocumentManagementFactory();
var jwksKeys = await docMgClientFactory.GetJwksClient().ResolveAsync(new Uri(Constants.DocumentApiConfiguration)).ConfigureAwait(false);
var jwks = jwksKeys.Keys.First();
var modulus = jwks["n"].ToString().Base64DecodeBytes();
var exponent = jwks["e"].ToString().Base64DecodeBytes();
var kid = jwks["kid"].ToString();
var rsaParameters = new RSAParameters();
rsaParameters.Modulus = modulus;
rsaParameters.Exponent = exponent;
var credentials = Encoding.UTF8.GetBytes($"{password}.{salt}");
var encryptedBase64 = string.Empty;
using (var rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParameters);
var encrypted = rsa.Encrypt(credentials, true);
encryptedBase64 = Convert.ToBase64String(encrypted);
}
// Returns concatenated result.
return(new EncryptedDocument
{
Content = $"{kid}.{encryptedBase64}.{encryptedPayloadBase64}",
Password = password,
Salt = salt
});
}
