//------------------------------------------------------------------------------
// <copyright file="DataProtectorCryptoService.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace System.Web.Security.Cryptography {
using System;
using System.Security.Cryptography;
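// ICryptoService implementation backed by System.Security.Cryptography.DataProtector.
// A fresh DataProtector is obtained from the factory for every call and disposed
// afterwards; every call runs under app-level impersonation so that any OS-managed
// key material is bound to the web application's own account rather than to the
// identity of the current request.
internal sealed class DataProtectorCryptoService : ICryptoService {
    private readonly IDataProtectorFactory _dataProtectorFactory;
    private readonly Purpose _purpose;

    // 'dataProtectorFactory' supplies the DataProtector used by Protect/Unprotect.
    // 'purpose' is passed to the factory on every call.
    // Throws ArgumentNullException when 'dataProtectorFactory' is null, so a
    // misconfigured service fails at construction instead of surfacing as a
    // NullReferenceException on the first Protect/Unprotect call.
    // 'purpose' is not validated here; the factory decides whether null is acceptable.
    public DataProtectorCryptoService(IDataProtectorFactory dataProtectorFactory, Purpose purpose) {
        if (dataProtectorFactory == null) {
            throw new ArgumentNullException("dataProtectorFactory");
        }
        _dataProtectorFactory = dataProtectorFactory;
        _purpose = purpose;
    }

    // Wraps the common logic of working with a DataProtector instance.
    // 'protect' is TRUE if we're calling Protect, FALSE if we're calling Unprotect.
    // Any exception raised by the factory or by the DataProtector (for example when
    // Unprotect is handed data it cannot validate) is not caught here and propagates
    // to the caller; the protector is still disposed on the way out.
    private byte[] PerformOperation(byte[] data, bool protect) {
        // Since the DataProtector might depend on the impersonated context, we must
        // work with it only under app-level impersonation. The idea behind this is
        // that if the cryptographic routine is provided by an OS-level implementation
        // (like DPAPI), any keys will be locked to the account of the web application
        // itself.
        using (new ApplicationImpersonationContext()) {
            DataProtector dataProtector = null;
            try {
                dataProtector = _dataProtectorFactory.GetDataProtector(_purpose);
                return (protect) ? dataProtector.Protect(data) : dataProtector.Unprotect(data);
            }
            finally {
                // These instances are transient. DataProtector itself is not IDisposable,
                // but a concrete implementation may be, so dispose it if it is.
                IDisposable disposable = dataProtector as IDisposable;
                if (disposable != null) {
                    disposable.Dispose();
                }
            }
        }
    }

    // Protects 'clearData' with a DataProtector for the configured purpose and
    // returns the protected bytes.
    public byte[] Protect(byte[] clearData) {
        return PerformOperation(clearData, protect: true);
    }

    // Reverses Protect: returns the original bytes for 'protectedData' produced
    // under the same purpose. Failures from the underlying protector propagate.
    public byte[] Unprotect(byte[] protectedData) {
        return PerformOperation(protectedData, protect: false);
    }
}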
}