using System; using System.Collections.Specialized; using System.Configuration; using System.IO; using System.Security.Cryptography; using System.Security.Cryptography.Xml; using System.Text; using System.Xml; using System.Xml.XPath; namespace Mono.Configuration.Crypto { public class ConfigSection { static readonly char[] sectionSplitChars = { '/' }; ProtectedConfigurationProvider GetProvider (string providerName, string containerName, bool useMachineStore) { if (String.IsNullOrEmpty (providerName)) providerName = ProtectedConfiguration.DefaultProvider; ProtectedConfigurationProvider prov = ProtectedConfiguration.Providers [providerName]; if (prov == null) throw new InvalidOperationException (String.Format ("Provider '{0}' is unknown.", providerName)); // We need to create a new instance in order to be able to pass our own // parameters to the provider var ret = Activator.CreateInstance (prov.GetType ()) as ProtectedConfigurationProvider; ret.Initialize (providerName, new NameValueCollection { {"keyContainerName", containerName}, {"useMachineContainer", useMachineStore.ToString ()}, } ); return ret; } string BuildXPathExpression (string configSection) { var sb = new StringBuilder ("//config:configuration"); string[] parts = configSection.Split (sectionSplitChars); foreach (string s in parts) sb.Append ("/config:" + s); return sb.ToString (); } bool IsValidSection (string configFile, string configSection) { var exeMap = new ExeConfigurationFileMap (); exeMap.ExeConfigFilename = configFile; global::System.Configuration.Configuration config = ConfigurationManager.OpenMappedExeConfiguration (exeMap, ConfigurationUserLevel.None); if (config == null) return false; try { var cs = config.GetSection (configSection) as ConfigurationSection; if (cs == null) return false; } catch (CryptographicException) { // Ignore - it's ok, since we only want to know if the section is // valid and this exception is thrown when an attempt to decrypt a // section is made and the protection provider for some reason // didn't do the job (e.g. we encrypted the section with local store // key container and the provider wants to access a global store one // and cannot find it) } return true; } string LoadSection (string configFile, string configSection, string containerName, bool useMachineStore, out XmlDocument doc, out XmlNode section, out ProtectedConfigurationProvider provider) { if (!IsValidSection (configFile, configSection)) throw new InvalidOperationException (String.Format ("Section '{0}' is not a valid section in file '{1}'", configSection, configFile)); // This should be done using Configuration, but currently the Mono // System.Configuration saves configuration files without preserving // non-significant whitespace which gives a very ugly result. doc = new XmlDocument (); doc.PreserveWhitespace = true; doc.Load (configFile); XmlNamespaceManager nsmgr = null; XmlElement root = doc.DocumentElement; string ns = null; if (root.HasAttributes) { ns = root.GetAttribute ("xmlns"); if (!String.IsNullOrEmpty (ns)) { nsmgr = new XmlNamespaceManager (doc.NameTable); nsmgr.AddNamespace ("config", ns); } } section = doc.DocumentElement.SelectSingleNode (BuildXPathExpression (configSection), nsmgr); // This check is necessary even though IsValidSection returned true - it's // because the section might have been found in files other than the one // we're processing. if (section == null) throw new InvalidOperationException (String.Format ("Section '{0}' not found in config file '{1}'", configSection, configFile)); XmlAttribute attr = section.Attributes ["configProtectionProvider"]; string configProtectionProvider = attr == null ? null : attr.Value; provider = GetProvider (configProtectionProvider, containerName, useMachineStore); return ns; } void SaveWithBackup (string configFile, XmlDocument doc) { string backupFile = configFile + ".save"; bool copied = false; try { File.Copy (configFile, backupFile, true); copied = true; using (var fs = File.Open (configFile, FileMode.Truncate, FileAccess.Write, FileShare.None)) { doc.Save (fs); fs.Flush (); } } catch { if (copied) File.Copy (backupFile, configFile); } finally { if (copied) File.Delete (backupFile); } } public void Encrypt (string configFile, string configSection, string containerName, bool useMachineStore) { if (String.IsNullOrEmpty (configFile)) throw new ArgumentNullException ("configFile"); if (String.IsNullOrEmpty (configSection)) throw new ArgumentNullException ("configSection"); if (String.IsNullOrEmpty (containerName)) throw new ArgumentNullException ("containerName"); XmlNode section; XmlDocument doc; ProtectedConfigurationProvider provider; string ns = LoadSection (configFile, configSection, containerName, useMachineStore, out doc, out section, out provider); XmlNode encrypted = provider.Encrypt (section); if (encrypted == null) throw new InvalidOperationException (String.Format ("Failed to encrypt '{0}' section in config file '{1}'", configSection, configFile)); XmlNode newSection = doc.CreateElement (section.Name, ns); XmlAttribute attr = doc.CreateAttribute ("configProtectionProvider"); attr.Value = provider.Name; newSection.InnerXml = encrypted.OuterXml; newSection.Attributes.Append (attr); section.ParentNode.ReplaceChild (newSection, section); SaveWithBackup (configFile, doc); } public void Decrypt (string configFile, string configSection, string containerName, bool useMachineStore) { if (String.IsNullOrEmpty (configFile)) throw new ArgumentNullException ("configFile"); if (String.IsNullOrEmpty (configSection)) throw new ArgumentNullException ("configSection"); if (String.IsNullOrEmpty (containerName)) throw new ArgumentNullException ("containerName"); XmlNode section; XmlDocument doc; ProtectedConfigurationProvider provider; LoadSection (configFile, configSection, containerName, useMachineStore, out doc, out section, out provider); XmlNode decrypted = provider.Decrypt (section); XmlNode newNode = doc.ImportNode (decrypted.FirstChild, true); XmlAttribute attr = newNode.Attributes ["xmlns"]; if (attr != null) newNode.Attributes.Remove (attr); section.ParentNode.ReplaceChild (newNode, section); SaveWithBackup (configFile, doc); } } }