public void TestEncryptionDecryptionAPI()
{
FabricClient client = new FabricClient();
string text = "Lazy Fox jumped";
string encryptedText = EncryptionUtility.EncryptText(
text,
"78 12 20 5a 39 d2 23 76 da a0 37 f0 5a ed e3 60 1a 7e 64 bf",
X509Credentials.StoreNameDefault,
StoreLocation.LocalMachine,
null);
string resultStr = new string(SecureStringToCharArray(EncryptionUtility.DecryptText(encryptedText)));
Assert.AreEqual <string>(text, resultStr);
LogHelper.Log("Decrypted text is {0}", resultStr);
try
{
string encryptedText2 = EncryptionUtility.EncryptText(
text,
"aa 79 54 22 7e 61 82 1d 8a 72 48 55 8b 7c 62 67 33 07 96 c5",
X509Credentials.StoreNameDefault);
Assert.AreNotEqual <string>(encryptedText, encryptedText2);
}
catch (COMException e)
{
LogHelper.Log("Got expected exception {0}", e.Message);
Assert.IsTrue(e is COMException);
}
}
// TODO: Avoid returning a string because strings are immutable and hence we cannot clear out the
// secret from memory when we are done using it.
internal static string GetStorageAccountKey(Dictionary <string, string> options)
{
string key = options[Constants.StorageAccountKeyOption].Trim();
bool keyIsEncrypted = options.ContainsKey(Constants.StorageAccountKeyIsEncryptedOption) &&
Boolean.Parse(options[Constants.StorageAccountKeyIsEncryptedOption]);
if (keyIsEncrypted)
{
key = EncryptionUtility.DecryptText(key).ToString();
}
return(key);
}
protected override CloudStorageAccount GetCloudStorageAccount()
{
CloudStorageAccount storageAccount;
if (this.azureBlobBackupStore.IsAccountKeyEncrypted)
{
storageAccount = CloudStorageAccount.Parse(this.SecureStringToString(EncryptionUtility.DecryptText(this.azureBlobBackupStore.ConnectionString)));
}
else
{
storageAccount = CloudStorageAccount.Parse(this.azureBlobBackupStore.ConnectionString);
}
return(storageAccount);
}
public AzureBlobRecoveryPointStore(Model.AzureBlobBackupStorageInfo azureBlobStoreInformation) : base(azureBlobStoreInformation)
{
this._storeInformation = azureBlobStoreInformation;
if (azureBlobStoreInformation.IsConnectionStringEncrypted)
{
using (var secureString = EncryptionUtility.DecryptText(azureBlobStoreInformation.ConnectionString))
{
this.container = AzureBlobStoreHelper.GetContainer(UtilityHelper.ConvertToUnsecureString(secureString), this._storeInformation.ContainerName);
}
}
else
{
this.container = AzureBlobStoreHelper.GetContainer(this._storeInformation.ConnectionString, this._storeInformation.ContainerName);
}
}
/// <summary>
/// Translates encrypted secret which key given as argument to SecureString.
/// </summary>
/// <returns>The cofiguration passed - as SecureString, Or null if the configuration doesn't exist</returns>
/// <exception cref="InvalidOperationException">Thrown when failed to translate encrypted secret to SecureString</exception>
public static SecureString GetSecret(this IConfiguration configutations, string configurationName)
{
string encryptedSecret = configutations[configurationName];
if (encryptedSecret == null)
{
return(null);
}
try
{
return(EncryptionUtility.DecryptText(encryptedSecret));
}
catch (COMException exception)
{
throw new InvalidOperationException($"configuration value for key {configurationName} is not a valid encrypted value", exception);
}
}
private BackupStorage UpdateSecretInStorage(BackupStorage storage, string thumbprintFromManifest, string x509StoreNameFromManifest, CancellationToken cancellationToken)
{
if (storage.BackupStorageType == BackupStorageType.AzureBlobStore)
{
var azureStorage = (AzureBlobBackupStorageInfo)storage;
if (!azureStorage.IsConnectionStringEncrypted && String.IsNullOrEmpty(thumbprintFromManifest))
{
return(storage);
}
if (azureStorage.IsConnectionStringEncrypted)
{
return(azureStorage.ToBuilder()
.WithConnectionString(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(azureStorage.ConnectionString)))
.SetIsConnectionStringEncrypted(false)
.Build());
}
if (!String.IsNullOrEmpty(thumbprintFromManifest))
{
return(azureStorage.ToBuilder()
.WithConnectionString(EncryptionUtility.EncryptText(azureStorage.ConnectionString, thumbprintFromManifest, x509StoreNameFromManifest))
.SetIsConnectionStringEncrypted(true)
.Build());
}
}
else if (storage.BackupStorageType == BackupStorageType.FileShare)
{
var fileShareStorage = (FileShareBackupStorageInfo)storage;
if (!fileShareStorage.IsPasswordEncrypted && String.IsNullOrEmpty(thumbprintFromManifest))
{
return(storage);
}
if (fileShareStorage.IsPasswordEncrypted)
{
var builder = fileShareStorage.ToBuilder()
.SetIsPasswordEncrypted(false);
if (!String.IsNullOrEmpty(fileShareStorage.PrimaryPassword))
{
builder.WithPrimaryPassword(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(fileShareStorage.PrimaryPassword)));
}
if (!String.IsNullOrEmpty(fileShareStorage.SecondaryPassword))
{
builder.WithSecondaryPassword(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(fileShareStorage.SecondaryPassword)));
}
return(builder.Build());
}
if (!String.IsNullOrEmpty(thumbprintFromManifest))
{
var builder = fileShareStorage.ToBuilder()
.SetIsPasswordEncrypted(true);
if (!String.IsNullOrEmpty(fileShareStorage.PrimaryPassword))
{
builder.WithPrimaryPassword(EncryptionUtility.EncryptText(fileShareStorage.PrimaryPassword, thumbprintFromManifest, x509StoreNameFromManifest));
}
if (!String.IsNullOrEmpty(fileShareStorage.SecondaryPassword))
{
builder.WithSecondaryPassword(EncryptionUtility.EncryptText(fileShareStorage.SecondaryPassword, thumbprintFromManifest, x509StoreNameFromManifest));
}
return(builder.Build());
}
}
else if (storage.BackupStorageType == BackupStorageType.DsmsAzureBlobStore)
{
// DsmsAzureBlobStorage doesn't contain any encrypted strings, return the original value.
return(storage);
}
throw new ArgumentException("Invalid storage type");
}
private void InvokeDecryptText(string cipherText)
{
Console.WriteLine(EncryptionUtility.DecryptText(cipherText));
}
private WindowsIdentity GetIdentityToImpersonate()
{
WindowsIdentity identity;
var domainUserNameToTry = this._storeInformation.PrimaryUserName;
var passwordToTry = this._storeInformation.PrimaryPassword;
var retrying = false;
do
{
string domainName, userName;
var tokens = domainUserNameToTry.Split(PathSeparator);
if (tokens.Length == 2)
{
domainName = tokens[0];
userName = tokens[1];
}
else
{
domainName = ".";
userName = domainUserNameToTry;
}
try
{
if (this._storeInformation.IsPasswordEncrypted)
{
var password = EncryptionUtility.DecryptText(passwordToTry);
identity = AccountHelper.CreateWindowsIdentity(
userName,
domainName,
password,
false,
NativeHelper.LogonType.LOGON32_LOGON_NEW_CREDENTIALS,
NativeHelper.LogonProvider.LOGON32_PROVIDER_WINNT50);
}
else
{
identity = AccountHelper.CreateWindowsIdentity(
userName,
domainName,
passwordToTry,
false,
NativeHelper.LogonType.LOGON32_LOGON_NEW_CREDENTIALS,
NativeHelper.LogonProvider.LOGON32_PROVIDER_WINNT50);
}
break;
}
catch (InvalidOperationException)
{
// Retry with secondary if secondary password exist
if (retrying || String.IsNullOrEmpty(this._storeInformation.SecondaryUserName))
{
throw;
}
domainUserNameToTry = this._storeInformation.SecondaryUserName;
passwordToTry = this._storeInformation.SecondaryPassword;
retrying = true;
}
} while (true);
return(identity);
}
