public void TestEncryptionDecryptionAPI() { FabricClient client = new FabricClient(); string text = "Lazy Fox jumped"; string encryptedText = EncryptionUtility.EncryptText( text, "78 12 20 5a 39 d2 23 76 da a0 37 f0 5a ed e3 60 1a 7e 64 bf", X509Credentials.StoreNameDefault, StoreLocation.LocalMachine, null); string resultStr = new string(SecureStringToCharArray(EncryptionUtility.DecryptText(encryptedText))); Assert.AreEqual <string>(text, resultStr); LogHelper.Log("Decrypted text is {0}", resultStr); try { string encryptedText2 = EncryptionUtility.EncryptText( text, "aa 79 54 22 7e 61 82 1d 8a 72 48 55 8b 7c 62 67 33 07 96 c5", X509Credentials.StoreNameDefault); Assert.AreNotEqual <string>(encryptedText, encryptedText2); } catch (COMException e) { LogHelper.Log("Got expected exception {0}", e.Message); Assert.IsTrue(e is COMException); } }
// TODO: Avoid returning a string because strings are immutable and hence we cannot clear out the // secret from memory when we are done using it. internal static string GetStorageAccountKey(Dictionary <string, string> options) { string key = options[Constants.StorageAccountKeyOption].Trim(); bool keyIsEncrypted = options.ContainsKey(Constants.StorageAccountKeyIsEncryptedOption) && Boolean.Parse(options[Constants.StorageAccountKeyIsEncryptedOption]); if (keyIsEncrypted) { key = EncryptionUtility.DecryptText(key).ToString(); } return(key); }
protected override CloudStorageAccount GetCloudStorageAccount() { CloudStorageAccount storageAccount; if (this.azureBlobBackupStore.IsAccountKeyEncrypted) { storageAccount = CloudStorageAccount.Parse(this.SecureStringToString(EncryptionUtility.DecryptText(this.azureBlobBackupStore.ConnectionString))); } else { storageAccount = CloudStorageAccount.Parse(this.azureBlobBackupStore.ConnectionString); } return(storageAccount); }
public AzureBlobRecoveryPointStore(Model.AzureBlobBackupStorageInfo azureBlobStoreInformation) : base(azureBlobStoreInformation) { this._storeInformation = azureBlobStoreInformation; if (azureBlobStoreInformation.IsConnectionStringEncrypted) { using (var secureString = EncryptionUtility.DecryptText(azureBlobStoreInformation.ConnectionString)) { this.container = AzureBlobStoreHelper.GetContainer(UtilityHelper.ConvertToUnsecureString(secureString), this._storeInformation.ContainerName); } } else { this.container = AzureBlobStoreHelper.GetContainer(this._storeInformation.ConnectionString, this._storeInformation.ContainerName); } }
/// <summary> /// Translates encrypted secret which key given as argument to SecureString. /// </summary> /// <returns>The cofiguration passed - as SecureString, Or null if the configuration doesn't exist</returns> /// <exception cref="InvalidOperationException">Thrown when failed to translate encrypted secret to SecureString</exception> public static SecureString GetSecret(this IConfiguration configutations, string configurationName) { string encryptedSecret = configutations[configurationName]; if (encryptedSecret == null) { return(null); } try { return(EncryptionUtility.DecryptText(encryptedSecret)); } catch (COMException exception) { throw new InvalidOperationException($"configuration value for key {configurationName} is not a valid encrypted value", exception); } }
private BackupStorage UpdateSecretInStorage(BackupStorage storage, string thumbprintFromManifest, string x509StoreNameFromManifest, CancellationToken cancellationToken) { if (storage.BackupStorageType == BackupStorageType.AzureBlobStore) { var azureStorage = (AzureBlobBackupStorageInfo)storage; if (!azureStorage.IsConnectionStringEncrypted && String.IsNullOrEmpty(thumbprintFromManifest)) { return(storage); } if (azureStorage.IsConnectionStringEncrypted) { return(azureStorage.ToBuilder() .WithConnectionString(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(azureStorage.ConnectionString))) .SetIsConnectionStringEncrypted(false) .Build()); } if (!String.IsNullOrEmpty(thumbprintFromManifest)) { return(azureStorage.ToBuilder() .WithConnectionString(EncryptionUtility.EncryptText(azureStorage.ConnectionString, thumbprintFromManifest, x509StoreNameFromManifest)) .SetIsConnectionStringEncrypted(true) .Build()); } } else if (storage.BackupStorageType == BackupStorageType.FileShare) { var fileShareStorage = (FileShareBackupStorageInfo)storage; if (!fileShareStorage.IsPasswordEncrypted && String.IsNullOrEmpty(thumbprintFromManifest)) { return(storage); } if (fileShareStorage.IsPasswordEncrypted) { var builder = fileShareStorage.ToBuilder() .SetIsPasswordEncrypted(false); if (!String.IsNullOrEmpty(fileShareStorage.PrimaryPassword)) { builder.WithPrimaryPassword(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(fileShareStorage.PrimaryPassword))); } if (!String.IsNullOrEmpty(fileShareStorage.SecondaryPassword)) { builder.WithSecondaryPassword(UtilityHelper.ConvertToUnsecureString(EncryptionUtility.DecryptText(fileShareStorage.SecondaryPassword))); } return(builder.Build()); } if (!String.IsNullOrEmpty(thumbprintFromManifest)) { var builder = fileShareStorage.ToBuilder() .SetIsPasswordEncrypted(true); if (!String.IsNullOrEmpty(fileShareStorage.PrimaryPassword)) { builder.WithPrimaryPassword(EncryptionUtility.EncryptText(fileShareStorage.PrimaryPassword, thumbprintFromManifest, x509StoreNameFromManifest)); } if (!String.IsNullOrEmpty(fileShareStorage.SecondaryPassword)) { builder.WithSecondaryPassword(EncryptionUtility.EncryptText(fileShareStorage.SecondaryPassword, thumbprintFromManifest, x509StoreNameFromManifest)); } return(builder.Build()); } } else if (storage.BackupStorageType == BackupStorageType.DsmsAzureBlobStore) { // DsmsAzureBlobStorage doesn't contain any encrypted strings, return the original value. return(storage); } throw new ArgumentException("Invalid storage type"); }
private void InvokeDecryptText(string cipherText) { Console.WriteLine(EncryptionUtility.DecryptText(cipherText)); }
private WindowsIdentity GetIdentityToImpersonate() { WindowsIdentity identity; var domainUserNameToTry = this._storeInformation.PrimaryUserName; var passwordToTry = this._storeInformation.PrimaryPassword; var retrying = false; do { string domainName, userName; var tokens = domainUserNameToTry.Split(PathSeparator); if (tokens.Length == 2) { domainName = tokens[0]; userName = tokens[1]; } else { domainName = "."; userName = domainUserNameToTry; } try { if (this._storeInformation.IsPasswordEncrypted) { var password = EncryptionUtility.DecryptText(passwordToTry); identity = AccountHelper.CreateWindowsIdentity( userName, domainName, password, false, NativeHelper.LogonType.LOGON32_LOGON_NEW_CREDENTIALS, NativeHelper.LogonProvider.LOGON32_PROVIDER_WINNT50); } else { identity = AccountHelper.CreateWindowsIdentity( userName, domainName, passwordToTry, false, NativeHelper.LogonType.LOGON32_LOGON_NEW_CREDENTIALS, NativeHelper.LogonProvider.LOGON32_PROVIDER_WINNT50); } break; } catch (InvalidOperationException) { // Retry with secondary if secondary password exist if (retrying || String.IsNullOrEmpty(this._storeInformation.SecondaryUserName)) { throw; } domainUserNameToTry = this._storeInformation.SecondaryUserName; passwordToTry = this._storeInformation.SecondaryPassword; retrying = true; } } while (true); return(identity); }