1 //------------------------------------------------------------------------------
3 // Copyright (c) Microsoft Corporation.
4 // All rights reserved.
6 // This code is licensed under the MIT License.
8 // Permission is hereby granted, free of charge, to any person obtaining a copy
9 // of this software and associated documentation files(the "Software"), to deal
10 // in the Software without restriction, including without limitation the rights
11 // to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
12 // copies of the Software, and to permit persons to whom the Software is
13 // furnished to do so, subject to the following conditions :
15 // The above copyright notice and this permission notice shall be included in
16 // all copies or substantial portions of the Software.
18 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
21 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 //------------------------------------------------------------------------------
30 using System.Security.Cryptography;
34 namespace Microsoft.IdentityModel.Clients.ActiveDirectory
36 static class BrokerKeyHelper
38 private const string LocalSettingsContainerName = "ActiveDirectoryAuthenticationLibrary";
40 internal static String GetBase64UrlBrokerKey()
42 return Base64UrlEncoder.Encode(GetRawBrokerKey());
45 internal static byte[] GetRawBrokerKey()
47 byte[] brokerKey = null;
48 SecRecord record = new SecRecord(SecKind.GenericPassword)
50 Generic = NSData.FromString(LocalSettingsContainerName),
51 Service = "Broker Key Service",
52 Account = "Broker Key Account",
53 Label = "Broker Key Label",
54 Comment = "Broker Key Comment",
55 Description = "Storage for broker key"
58 NSData key = SecKeyChain.QueryAsData(record);
61 AesManaged algo = new AesManaged();
63 byte[] rawBytes = algo.Key;
64 NSData byteData = NSData.FromArray(rawBytes);
65 record = new SecRecord(SecKind.GenericPassword)
67 Generic = NSData.FromString(LocalSettingsContainerName),
68 Service = "Broker Key Service",
69 Account = "Broker Key Account",
70 Label = "Broker Key Label",
71 Comment = "Broker Key Comment",
72 Description = "Storage for broker key",
76 var result = SecKeyChain.Add(record);
77 if (result != SecStatusCode.Success)
79 PlatformPlugin.Logger.Warning(null, "Failed to save broker key: " + result);
82 brokerKey = byteData.ToArray();
86 brokerKey = key.ToArray();
92 internal static String DecryptBrokerResponse(String encryptedBrokerResponse)
94 byte[] outputBytes = Base64UrlEncoder.DecodeBytes(encryptedBrokerResponse);
95 string plaintext = string.Empty;
97 using (MemoryStream memoryStream = new MemoryStream(outputBytes))
99 byte[] key = GetRawBrokerKey();
101 AesManaged algo = GetCryptoAlgorithm(key);
102 using (CryptoStream cryptoStream = new CryptoStream(memoryStream, algo.CreateDecryptor(), CryptoStreamMode.Read))
104 using (StreamReader srDecrypt = new StreamReader(cryptoStream))
106 plaintext = srDecrypt.ReadToEnd();
114 private static AesManaged GetCryptoAlgorithm(byte[] key)
116 AesManaged algorithm = new AesManaged();
118 //set the mode, padding and block size
119 algorithm.Padding = PaddingMode.PKCS7;
120 algorithm.Mode = CipherMode.CBC;
121 algorithm.KeySize = 256;
122 algorithm.BlockSize = 128;
128 algorithm.IV = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };