Tools/dotnetcli/sdk/NuGetFallbackFolder/microsoft.identitymodel.clients.activedirectory/3.14.1/src/src/ADAL.PCL.iOS/BrokerKeyHelper.cs

   1 //------------------------------------------------------------------------------
   2 //
   3 // Copyright (c) Microsoft Corporation.
   4 // All rights reserved.
   5 //
   6 // This code is licensed under the MIT License.
   7 //
   8 // Permission is hereby granted, free of charge, to any person obtaining a copy
   9 // of this software and associated documentation files(the "Software"), to deal
  10 // in the Software without restriction, including without limitation the rights
  11 // to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
  12 // copies of the Software, and to permit persons to whom the Software is
  13 // furnished to do so, subject to the following conditions :
  14 //
  15 // The above copyright notice and this permission notice shall be included in
  16 // all copies or substantial portions of the Software.
  17 //
  18 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  19 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  20 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
  21 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  22 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  23 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  24 // THE SOFTWARE.
  25 //
  26 //------------------------------------------------------------------------------
  27
  28 using System;
  29 using System.IO;
  30 using System.Security.Cryptography;
  31 using Foundation;
  32 using Security;
  33
  34 namespace Microsoft.IdentityModel.Clients.ActiveDirectory
  35 {
  36     static class BrokerKeyHelper
  37     {
  38         private const string LocalSettingsContainerName = "ActiveDirectoryAuthenticationLibrary";
  39
  40         internal static String GetBase64UrlBrokerKey()
  41         {
  42             return Base64UrlEncoder.Encode(GetRawBrokerKey());
  43         }
  44
  45         internal static byte[] GetRawBrokerKey()
  46         {
  47             byte[] brokerKey = null;
  48             SecRecord record = new SecRecord(SecKind.GenericPassword)
  49             {
  50                 Generic = NSData.FromString(LocalSettingsContainerName),
  51                 Service = "Broker Key Service",
  52                 Account = "Broker Key Account",
  53                 Label = "Broker Key Label",
  54                 Comment = "Broker Key Comment",
  55                 Description = "Storage for broker key"
  56             };
  57
  58             NSData key = SecKeyChain.QueryAsData(record);
  59             if (key == null)
  60             {
  61                 AesManaged algo = new AesManaged();
  62                 algo.GenerateKey();
  63                 byte[] rawBytes = algo.Key;
  64                 NSData byteData = NSData.FromArray(rawBytes);
  65                 record = new SecRecord(SecKind.GenericPassword)
  66                 {
  67                     Generic = NSData.FromString(LocalSettingsContainerName),
  68                     Service = "Broker Key Service",
  69                     Account = "Broker Key Account",
  70                     Label = "Broker Key Label",
  71                     Comment = "Broker Key Comment",
  72                     Description = "Storage for broker key",
  73                     ValueData = byteData
  74                 };
  75
  76                 var result = SecKeyChain.Add(record);
  77                 if (result != SecStatusCode.Success)
  78                 {
  79                     PlatformPlugin.Logger.Warning(null, "Failed to save broker key: " + result);
  80                 }
  81
  82                 brokerKey = byteData.ToArray();
  83             }
  84             else
  85             {
  86                 brokerKey = key.ToArray();
  87             }
  88
  89             return brokerKey;
  90         }
  91
  92         internal static String DecryptBrokerResponse(String encryptedBrokerResponse)
  93         {
  94             byte[] outputBytes = Base64UrlEncoder.DecodeBytes(encryptedBrokerResponse);
  95             string plaintext = string.Empty;
  96
  97             using (MemoryStream memoryStream = new MemoryStream(outputBytes))
  98             {
  99                 byte[] key = GetRawBrokerKey();
 100
 101                 AesManaged algo = GetCryptoAlgorithm(key);
 102                 using (CryptoStream cryptoStream = new CryptoStream(memoryStream, algo.CreateDecryptor(), CryptoStreamMode.Read))
 103                 {
 104                     using (StreamReader srDecrypt = new StreamReader(cryptoStream))
 105                     {
 106                         plaintext = srDecrypt.ReadToEnd();
 107                     }
 108                 }
 109             }
 110
 111             return plaintext;
 112         }
 113
 114         private static AesManaged GetCryptoAlgorithm(byte[] key)
 115         {
 116             AesManaged algorithm = new AesManaged();
 117
 118             //set the mode, padding and block size
 119             algorithm.Padding = PaddingMode.PKCS7;
 120             algorithm.Mode = CipherMode.CBC;
 121             algorithm.KeySize = 256;
 122             algorithm.BlockSize = 128;
 123             if (key != null)
 124             {
 125                 algorithm.Key = key;
 126             }
 127
 128             algorithm.IV = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 129             return algorithm;
 130         }
 131     }
 132 }