294 lines
9.5 KiB
C#
294 lines
9.5 KiB
C#
//
|
|
// System.Web.Configuration.MachineKeySection
|
|
//
|
|
// Authors:
|
|
// Chris Toshok (toshok@ximian.com)
|
|
// Sebastien Pouliot <sebastien@ximian.com>
|
|
//
|
|
// (c) Copyright 2005, 2010 Novell, Inc (http://www.novell.com)
|
|
//
|
|
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
|
// a copy of this software and associated documentation files (the
|
|
// "Software"), to deal in the Software without restriction, including
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
|
// the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be
|
|
// included in all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
//
|
|
|
|
|
|
using System;
|
|
using System.ComponentModel;
|
|
using System.Configuration;
|
|
using System.Security.Cryptography;
|
|
using System.Web.Util;
|
|
|
|
namespace System.Web.Configuration {
|
|
|
|
public sealed class MachineKeySection : ConfigurationSection
|
|
{
|
|
static ConfigurationProperty decryptionProp;
|
|
static ConfigurationProperty decryptionKeyProp;
|
|
static ConfigurationProperty validationProp;
|
|
static ConfigurationProperty validationKeyProp;
|
|
static ConfigurationPropertyCollection properties;
|
|
static MachineKeyValidationConverter converter = new MachineKeyValidationConverter ();
|
|
MachineKeyValidation validation;
|
|
|
|
static MachineKeySection ()
|
|
{
|
|
decryptionProp = new ConfigurationProperty ("decryption", typeof (string), "Auto",
|
|
PropertyHelper.WhiteSpaceTrimStringConverter,
|
|
PropertyHelper.NonEmptyStringValidator,
|
|
ConfigurationPropertyOptions.None);
|
|
decryptionKeyProp = new ConfigurationProperty ("decryptionKey", typeof (string), "AutoGenerate,IsolateApps",
|
|
PropertyHelper.WhiteSpaceTrimStringConverter,
|
|
PropertyHelper.NonEmptyStringValidator,
|
|
ConfigurationPropertyOptions.None);
|
|
validationProp = new ConfigurationProperty ("validation", typeof (string), "HMACSHA256",
|
|
PropertyHelper.WhiteSpaceTrimStringConverter,
|
|
PropertyHelper.NonEmptyStringValidator,
|
|
ConfigurationPropertyOptions.None);
|
|
validationKeyProp = new ConfigurationProperty ("validationKey", typeof (string), "AutoGenerate,IsolateApps",
|
|
PropertyHelper.WhiteSpaceTrimStringConverter,
|
|
PropertyHelper.NonEmptyStringValidator,
|
|
ConfigurationPropertyOptions.None);
|
|
|
|
properties = new ConfigurationPropertyCollection ();
|
|
|
|
properties.Add (decryptionProp);
|
|
properties.Add (decryptionKeyProp);
|
|
properties.Add (validationProp);
|
|
properties.Add (validationKeyProp);
|
|
|
|
Config.AutoGenerate (MachineKeyRegistryStorage.KeyType.Encryption);
|
|
Config.AutoGenerate (MachineKeyRegistryStorage.KeyType.Validation);
|
|
}
|
|
|
|
public MachineKeySection ()
|
|
{
|
|
// get DefaultValue from ValidationAlgorithm
|
|
validation = (MachineKeyValidation) converter.ConvertFrom (null, null, ValidationAlgorithm);
|
|
}
|
|
|
|
[MonoTODO]
|
|
public MachineKeyCompatibilityMode CompatibilityMode {
|
|
get; set;
|
|
}
|
|
|
|
protected internal override void Reset (ConfigurationElement parentElement)
|
|
{
|
|
base.Reset (parentElement);
|
|
decryption_key = null;
|
|
validation_key = null;
|
|
decryption_template = null;
|
|
validation_template = null;
|
|
}
|
|
|
|
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
|
|
[StringValidator (MinLength = 1)]
|
|
[ConfigurationProperty ("decryption", DefaultValue = "Auto")]
|
|
public string Decryption {
|
|
get { return (string) base [decryptionProp];}
|
|
set {
|
|
decryption_template = MachineKeySectionUtils.GetDecryptionAlgorithm (value);
|
|
base[decryptionProp] = value;
|
|
}
|
|
}
|
|
|
|
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
|
|
[StringValidator (MinLength = 1)]
|
|
[ConfigurationProperty ("decryptionKey", DefaultValue = "AutoGenerate,IsolateApps")]
|
|
public string DecryptionKey {
|
|
get { return (string) base [decryptionKeyProp];}
|
|
set {
|
|
base[decryptionKeyProp] = value;
|
|
SetDecryptionKey (value);
|
|
}
|
|
}
|
|
|
|
// property exists for backward compatibility
|
|
public MachineKeyValidation Validation {
|
|
get { return validation; }
|
|
set {
|
|
if (value == MachineKeyValidation.Custom)
|
|
throw new ArgumentException ();
|
|
|
|
string algo = value.ToString ();
|
|
// enum and accept values differs for TripleDES
|
|
ValidationAlgorithm = (algo == "TripleDES") ? "3DES" : algo;
|
|
}
|
|
}
|
|
|
|
[StringValidator (MinLength = 1)]
|
|
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
|
|
[ConfigurationProperty ("validation", DefaultValue = "HMACSHA256")]
|
|
public string ValidationAlgorithm {
|
|
get { return (string) base [validationProp];}
|
|
set {
|
|
if (value == null)
|
|
return;
|
|
|
|
if (value.StartsWith ("alg:"))
|
|
validation = MachineKeyValidation.Custom;
|
|
else
|
|
validation = (MachineKeyValidation) converter.ConvertFrom (null, null, value);
|
|
|
|
base[validationProp] = value;
|
|
}
|
|
}
|
|
|
|
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
|
|
[StringValidator (MinLength = 1)]
|
|
[ConfigurationProperty ("validationKey", DefaultValue = "AutoGenerate,IsolateApps")]
|
|
public string ValidationKey {
|
|
get { return (string) base [validationKeyProp];}
|
|
set {
|
|
base[validationKeyProp] = value;
|
|
SetValidationKey (value);
|
|
}
|
|
}
|
|
|
|
protected internal override ConfigurationPropertyCollection Properties {
|
|
get { return properties; }
|
|
}
|
|
|
|
|
|
internal static MachineKeySection Config {
|
|
get { return WebConfigurationManager.GetSection ("system.web/machineKey") as MachineKeySection; }
|
|
}
|
|
|
|
byte[] decryption_key;
|
|
byte[] validation_key;
|
|
SymmetricAlgorithm decryption_template;
|
|
KeyedHashAlgorithm validation_template;
|
|
|
|
internal SymmetricAlgorithm GetDecryptionAlgorithm ()
|
|
{
|
|
// code location to help with unit testing the code
|
|
return MachineKeySectionUtils.GetDecryptionAlgorithm (Decryption);
|
|
}
|
|
|
|
// not to be reused outside algorithm and key validation purpose
|
|
SymmetricAlgorithm DecryptionTemplate {
|
|
get {
|
|
if (decryption_template == null)
|
|
decryption_template = GetDecryptionAlgorithm ();
|
|
return decryption_template;
|
|
}
|
|
}
|
|
|
|
internal byte [] GetDecryptionKey ()
|
|
{
|
|
if (decryption_key == null)
|
|
SetDecryptionKey (DecryptionKey);
|
|
return decryption_key;
|
|
}
|
|
|
|
void SetDecryptionKey (string key)
|
|
{
|
|
if ((key == null) || key.StartsWith ("AutoGenerate")) {
|
|
decryption_key = AutoGenerate (MachineKeyRegistryStorage.KeyType.Encryption);
|
|
} else {
|
|
try {
|
|
decryption_key = MachineKeySectionUtils.GetBytes (key, key.Length);
|
|
DecryptionTemplate.Key = decryption_key;
|
|
}
|
|
catch {
|
|
decryption_key = null;
|
|
throw new ArgumentException ("Invalid key length");
|
|
}
|
|
}
|
|
}
|
|
|
|
internal KeyedHashAlgorithm GetValidationAlgorithm ()
|
|
{
|
|
// code location to help with unit testing the code
|
|
return MachineKeySectionUtils.GetValidationAlgorithm (this);
|
|
}
|
|
|
|
// not to be reused outside algorithm and key validation purpose
|
|
KeyedHashAlgorithm ValidationTemplate {
|
|
get {
|
|
if (validation_template == null)
|
|
validation_template = GetValidationAlgorithm ();
|
|
return validation_template;
|
|
}
|
|
}
|
|
|
|
internal byte [] GetValidationKey ()
|
|
{
|
|
if (validation_key == null)
|
|
SetValidationKey (ValidationKey);
|
|
return validation_key;
|
|
}
|
|
|
|
// key can be expended for HMAC - i.e. a small key, e.g. 32 bytes, is still accepted as valid
|
|
// the HMAC class already deals with keys larger than what it can use (digested to right size)
|
|
void SetValidationKey (string key)
|
|
{
|
|
if ((key == null) || key.StartsWith ("AutoGenerate")) {
|
|
validation_key = AutoGenerate (MachineKeyRegistryStorage.KeyType.Validation);
|
|
} else {
|
|
try {
|
|
validation_key = MachineKeySectionUtils.GetBytes (key, key.Length);
|
|
ValidationTemplate.Key = validation_key;
|
|
}
|
|
catch (CryptographicException) {
|
|
// second chance, use the key length that the HMAC really wants
|
|
try {
|
|
byte[] expanded_key = new byte [ValidationTemplate.Key.Length];
|
|
Array.Copy (validation_key, 0, expanded_key, 0, validation_key.Length);
|
|
ValidationTemplate.Key = expanded_key;
|
|
validation_key = expanded_key;
|
|
}
|
|
catch {
|
|
validation_key = null;
|
|
throw new ArgumentException ("Invalid key length");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
byte[] AutoGenerate (MachineKeyRegistryStorage.KeyType type)
|
|
{
|
|
byte[] key = null;
|
|
try {
|
|
key = MachineKeyRegistryStorage.Retrieve (type);
|
|
|
|
// ensure the stored key is usable with the selection algorithm
|
|
if (type == MachineKeyRegistryStorage.KeyType.Encryption)
|
|
DecryptionTemplate.Key = key;
|
|
else if (type == MachineKeyRegistryStorage.KeyType.Validation)
|
|
ValidationTemplate.Key = key;
|
|
} catch (Exception) {
|
|
key = null;
|
|
}
|
|
// some algorithms have special needs for key (e.g. length, parity, weak keys...)
|
|
// so we better ask them to provide a default key (than to generate/use bad ones)
|
|
if (key == null) {
|
|
if (type == MachineKeyRegistryStorage.KeyType.Encryption)
|
|
key = DecryptionTemplate.Key;
|
|
else if (type == MachineKeyRegistryStorage.KeyType.Validation)
|
|
key = ValidationTemplate.Key;
|
|
MachineKeyRegistryStorage.Store (key, type);
|
|
}
|
|
return key;
|
|
}
|
|
}
|
|
}
|
|
|