added password decryption decorator

David Sparer
2017-04-02 21:28:50 -06:00
parent e8d645467f
commit 2387f183e9
5 changed files with 92 additions and 2 deletions


@@ -0,0 +1,43 @@
using System.Linq;
using System.Security;
using mRemoteNG.Config.Serializers.CredentialSerializer;
using mRemoteNG.Security;
using mRemoteNG.Security.SymmetricEncryption;
using NUnit.Framework;
namespace mRemoteNGTests.Config.Serializers.CredentialSerializers
{
public class XmlCredentialPasswordDecryptorDecoratorTests
{
private XmlCredentialPasswordDecryptorDecorator _sut;
private readonly SecureString _decryptionKey = "myKey1".ConvertToSecureString();
private string _unencryptedPassword = "myPassword1";
[SetUp]
public void Setup()
{
var baseDeserializer = new XmlCredentialRecordDeserializer();
_sut = new XmlCredentialPasswordDecryptorDecorator(_decryptionKey, baseDeserializer);
}
[Test]
public void OutputedCredentialHasDecryptedPassword()
{
var xml = GenerateXml();
var output = _sut.Deserialize(xml);
Assert.That(output.First().Password.ConvertToUnsecureString(), Is.EqualTo(_unencryptedPassword));
}
private string GenerateXml()
{
var cryptoProvider = new AeadCryptographyProvider();
var encryptedPassword = cryptoProvider.Encrypt(_unencryptedPassword, _decryptionKey);
return
"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
$"<Credentials EncryptionEngine=\"{cryptoProvider.CipherEngine}\" BlockCipherMode=\"{cryptoProvider.CipherMode}\" KdfIterations=\"{cryptoProvider.KeyDerivationIterations}\" SchemaVersion=\"1.0\">" +
$"<Credential Id=\"ce6b0397-d476-4ffe-884b-dbe9347a88a8\" Title=\"New Credential\" Username=\"asdfasdf\" Domain=\"\" Password=\"{encryptedPassword}\" />" +
"</Credentials>";
}
}
}
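Review bot: The fixture only proves the round trip with the matching key (`OutputedCredentialHasDecryptedPassword`); nothing pins what `Deserialize` does when the key is wrong or the `Password` attribute has been altered, which is the case an authenticated cipher exists to catch. A second test that builds the XML with one key and constructs the decorator with a different one, then asserts the provider's intended failure mode, would lock that in; whether that mode is an exception or an empty value is not visible from this page. As a style point, `_unencryptedPassword` is never reassigned and could be `private const string`.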


@@ -113,6 +113,7 @@
<Compile Include="Config\CredentialHarvesterTests.cs" />
<Compile Include="Config\Serializers\ConfConsEnsureConnectionsHaveIdsTests.cs" />
<Compile Include="Config\Serializers\CredentialProviderSerializerTests.cs" />
<Compile Include="Config\Serializers\CredentialSerializers\XmlCredentialPasswordDecryptorDecoratorTests.cs" />
<Compile Include="Config\Serializers\CredentialSerializers\XmlCredentialPasswordEncryptorDecoratorTests.cs" />
<Compile Include="Config\Serializers\MiscSerializers\CsvConnectionsSerializerMremotengFormatTests.cs" />
<Compile Include="Config\Serializers\DataTableSerializerTests.cs" />


@@ -0,0 +1,46 @@
using System;
using System.Collections.Generic;
using System.Security;
using System.Xml.Linq;
using mRemoteNG.Credential;
using mRemoteNG.Security;
namespace mRemoteNG.Config.Serializers.CredentialSerializer
{
public class XmlCredentialPasswordDecryptorDecorator : IDeserializer<string, IEnumerable<ICredentialRecord>>
{
private readonly IDeserializer<string, IEnumerable<ICredentialRecord>> _baseDeserializer;
private readonly SecureString _decryptionKey;
public XmlCredentialPasswordDecryptorDecorator(SecureString decryptionKey, IDeserializer<string, IEnumerable<ICredentialRecord>> baseDeserializer)
{
if (decryptionKey == null)
throw new ArgumentNullException(nameof(decryptionKey));
if (baseDeserializer == null)
throw new ArgumentNullException(nameof(baseDeserializer));
_decryptionKey = decryptionKey;
_baseDeserializer = baseDeserializer;
}
public IEnumerable<ICredentialRecord> Deserialize(string xml)
{
var decryptedXml = DecryptPasswords(xml);
return _baseDeserializer.Deserialize(decryptedXml);
}
private string DecryptPasswords(string xml)
{
var xdoc = XDocument.Parse(xml);
var cryptoProvider = CryptographyProviderFactory.BuildFromXml(xdoc.Root);
foreach (var credentialElement in xdoc.Descendants())
{
var passwordAttribute = credentialElement.Attribute("Password");
if (passwordAttribute == null) continue;
var decryptedPassword = cryptoProvider.Decrypt(passwordAttribute.Value, _decryptionKey);
passwordAttribute.SetValue(decryptedPassword);
}
return xdoc.ToString();
}
}
}
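Review bot: `DecryptPasswords` ends with `return xdoc.ToString();`, so every password in the file sits in cleartext inside one managed string (and inside the `XDocument`) before the base deserializer runs; unlike the `SecureString` key, that string cannot be zeroed and stays in memory until it is collected. The method and the public `Deserialize` should at least say so, for example `// Result contains cleartext passwords for all records: do not log, cache or persist it.` The loop also calls `cryptoProvider.Decrypt` with no handling, so presumably one undecryptable or tampered attribute aborts the whole load; if that is the intended fail-closed behaviour, a doc line on `Deserialize` naming the exception callers should expect would make it explicit. `xdoc.Descendants()` visits every element, so any element carrying a `Password` attribute is decrypted, not only `Credential` ones; `xdoc.Descendants("Credential")` would narrow that if the schema allows.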


@@ -1,14 +1,13 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Xml.Linq;
using mRemoteNG.Credential;
using mRemoteNG.Security;
namespace mRemoteNG.Config.Serializers.CredentialSerializer
{
public class XmlCredentialRecordDeserializer
public class XmlCredentialRecordDeserializer : IDeserializer<string, IEnumerable<ICredentialRecord>>
{
public string SchemaVersion { get; } = "1.0";


@@ -142,6 +142,7 @@
<Compile Include="Config\CredentialRepositoryListSaver.cs" />
<Compile Include="Config\Serializers\CredentialProviderSerializer\CredentialRepositoryListDeserializer.cs" />
<Compile Include="Config\CredentialRepositoryListLoader.cs" />
<Compile Include="Config\Serializers\CredentialSerializer\XmlCredentialPasswordDecryptorDecorator.cs" />
<Compile Include="Config\Serializers\CredentialSerializer\XmlCredentialPasswordEncryptorDecorator.cs" />
<Compile Include="Config\Serializers\MiscSerializers\ActiveDirectoryDeserializer.cs" />
<Compile Include="Config\Serializers\CredentialProviderSerializer\CredentialRepositoryListSerializer.cs" />