From 44b4341fe7b26efcbae11b22c1e63ec9b194b998 Mon Sep 17 00:00:00 2001 From: kishor tripathy Date: Fri, 31 Oct 2025 11:45:13 +0530 Subject: [PATCH] Encrypt and Decrypt method in Security class was always returns same value becaue : both the key and IV (Initialization Vector) are derived deterministically from fixed values: https://chatgpt.com/s/t_690453eccae481918c45d78d2223490f --- gateway/ocelot.json | 20 +-- microservices/_layers/common/Security.cs | 167 ++++++++++++++++-- .../_layers/common/StartupExtensions.cs | 15 +- microservices/user/API.User.csproj | 1 + .../user/appsettings.Development.json | 3 +- microservices/user/appsettings.json | 3 +- microservices/user/web.config | 2 +- 7 files changed, 179 insertions(+), 32 deletions(-) diff --git a/gateway/ocelot.json b/gateway/ocelot.json index c46b634..229a4a5 100644 --- a/gateway/ocelot.json +++ b/gateway/ocelot.json @@ -8,7 +8,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-admin.odiprojects.com", + "Host": "api-admin.practicekea.com", "Port": 80 } ], @@ -16,9 +16,9 @@ "UpstreamHttpMethod": [ "Get", "Post", "Put", "Delete", "Options" ], "Priority": 1, - "“AuthenticationOptions”": { - "“AuthenticationProviderKey”": "IdentityApiKey", - "“AllowedScopes”": [] + "�AuthenticationOptions�": { + "�AuthenticationProviderKey�": "IdentityApiKey", + "�AllowedScopes�": [] } }, //==================================================== @@ -29,7 +29,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-institute.odiprojects.com", + "Host": "api-institute.practicekea.com", "Port": 80 } ], @@ -47,7 +47,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-teacher.odiprojects.com", + "Host": "api-teacher.practicekea.com", "Port": 80 } ], @@ -64,7 +64,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-user.odiprojects.com", + "Host": "api-user.practicekea.com", "Port": 80 } ], 
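Review bot: In the `@@ -16,9 +16,9 @@` hunk the three keys `AuthenticationOptions`, `AuthenticationProviderKey` and `AllowedScopes` went from having typographic quotes inside the key name to having U+FFFD replacement characters, which suggests the file was re-saved in the wrong encoding. In both forms the keys do not match the names Ocelot reads, so this route (apparently the admin downstream, judging by the preceding hunk) is probably forwarded without the `IdentityApiKey` check. The keys should be plain ASCII: `"AuthenticationOptions": { "AuthenticationProviderKey": "IdentityApiKey", "AllowedScopes": [] }`. The route object starts above the hunk, so confirm which route it belongs to and whether the other routes carry an authentication block at all.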
@@ -80,7 +80,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-bucket.odiprojects.com", + "Host": "api-bucket.practicekea.com", "Port": 80 } ], @@ -98,7 +98,7 @@ "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { - "Host": "api-student.odiprojects.com", + "Host": "api-student.practicekea.com", "Port": 80 } ], @@ -109,6 +109,6 @@ ], "GlobalConfiguration": { - "BaseUrl": "http://api.odiprojects.com" + "BaseUrl": "http://api.practicekea.com" } } \ No newline at end of file diff --git a/microservices/_layers/common/Security.cs b/microservices/_layers/common/Security.cs index 275edfe..ff80bef 100644 --- a/microservices/_layers/common/Security.cs +++ b/microservices/_layers/common/Security.cs @@ -1,4 +1,7 @@ -using System; +using FirebaseAdmin.Auth; +using Microsoft.IdentityModel.Tokens; +using OnlineAssessment.Domain.ViewModels; +using System; using System.Collections.Generic; using System.IdentityModel.Tokens.Jwt; using System.IO; @@ -6,10 +9,8 @@ using System.Linq; using System.Security.Claims; using System.Security.Cryptography; using System.Text; -using Microsoft.IdentityModel.Tokens; -using OnlineAssessment.Domain.ViewModels; -using FirebaseAdmin; -using FirebaseAdmin.Auth; + + namespace OnlineAssessment.Common { @@ -92,7 +93,7 @@ namespace OnlineAssessment.Common claims, expires: DateTime.Now.AddMinutes(120), signingCredentials: credential); - + var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); return encodedToken; @@ -112,7 +113,7 @@ namespace OnlineAssessment.Common await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync(uuid, claims); return null; - } + } public static string GetValueFromToken(string key, ClaimsIdentity identity) { 
@@ -125,14 +126,14 @@ namespace OnlineAssessment.Common Claim cl = null; if (claimList != null && claimList.Count > 0) { - if(key == "emailaddress") + if (key == "emailaddress") cl = claimList.Where(a => a.Type.Contains(key)).FirstOrDefault(); else cl = claimList.Where(a => a.Type == key).FirstOrDefault(); - + if (cl != null) val = cl.Value; } - + } catch { 
@@ -200,7 +201,85 @@ namespace OnlineAssessment.Common /// /// /// + //public static string Encrypt(string encryptString) + //{ + // string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + // byte[] clearBytes = Encoding.Unicode.GetBytes(encryptString); + // using (Aes encryptor = Aes.Create()) + // { + // Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 }); + // encryptor.Key = pdb.GetBytes(32); + // encryptor.IV = pdb.GetBytes(16); + // using (MemoryStream ms = new MemoryStream()) + // { + // using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)) + // { + // cs.Write(clearBytes, 0, clearBytes.Length); + // cs.Close(); + // } + // encryptString = Convert.ToBase64String(ms.ToArray()); + // } + // } + // return encryptString; + //} public static string Encrypt(string encryptString) + { + string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + byte[] clearBytes = Encoding.Unicode.GetBytes(encryptString); + + using (Aes encryptor = Aes.Create()) + { + var pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { + 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, + 0x76, 0x65, 0x64, 0x65, 0x76 + }); + + encryptor.Key = pdb.GetBytes(32); + encryptor.GenerateIV(); // <--- random IV each time + + using (MemoryStream ms = new MemoryStream()) + { + // prepend IV to the ciphertext + ms.Write(encryptor.IV, 0, encryptor.IV.Length); + + using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)) + { + cs.Write(clearBytes, 0, clearBytes.Length); + cs.Close(); + } + + encryptString = Convert.ToBase64String(ms.ToArray()); + } + } + + return encryptString; + } + + + public static string Encrypt2(string encryptString2) + { + string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + byte[] clearBytes = Encoding.Unicode.GetBytes(encryptString2); + using (Aes encryptor = 
Aes.Create()) + { + Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 }); + encryptor.Key = pdb.GetBytes(32); + encryptor.IV = pdb.GetBytes(16); + using (MemoryStream ms = new MemoryStream()) + { + using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)) + { + cs.Write(clearBytes, 0, clearBytes.Length); + cs.Close(); + } + encryptString2 = Convert.ToBase64String(ms.ToArray()); + } + } + return encryptString2; + } + + + public static string EncryptString(string encryptString) { string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; byte[] clearBytes = Encoding.Unicode.GetBytes(encryptString); @@ -254,7 +333,7 @@ namespace OnlineAssessment.Common } - public static string EncryptString(string s) + public static string EncryptString1(string s) { byte[] b = System.Text.ASCIIEncoding.ASCII.GetBytes(s); string encrypted = Convert.ToBase64String(b); 
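Review bot: The new `Encrypt` still derives its AES key from the literal `EncryptionKey` and a fixed 13-byte salt in source, so the random IV from `GenerateIV()` only makes outputs differ; anyone with the repository can still decrypt them. The passphrase should come from configuration or a secret store rather than a string in `Security.cs`, and `Rfc2898DeriveBytes` should be given an explicit iteration count and hash instead of the constructor defaults. The output is now the IV followed by the ciphertext, and `Security.Decrypt` is outside this hunk, so confirm it reads the first 16 bytes as the IV and that values stored in the old format are re-encrypted. `Encrypt2` and the commented-out copy keep the deterministic IV and should be dropped if nothing calls them. The ciphertext is also unauthenticated, so tampering with a stored value is not detected.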
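Review bot: Renaming the Base64 helper to `EncryptString1` in the `@@ -254,7 +333,7 @@` hunk, while the previous hunk gives the name `EncryptString` to the old fixed-IV AES body, changes what existing callers of `Security.EncryptString` receive without any compile error. The callers are not in this diff, so each one, and whatever decodes its output, needs checking. The renamed method only Base64-encodes ASCII bytes; a comment such as `// Base64 encoding only, not encryption` or a name that says so would keep it from being relied on for confidentiality.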
@@ -278,4 +357,70 @@ namespace OnlineAssessment.Common } } + + + +public static class AesEncryptionHelper + { + private static readonly string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + private static readonly byte[] Salt = new byte[] { 0x21, 0x42, 0x63, 0x84, 0xA5, 0xC6, 0xE7, 0x08, 0x29, 0x4A, 0x6B, 0x8C, 0xAD, 0xCE, 0xEF, 0x10 }; + + public static string Encrypt(string plainText) + { + byte[] clearBytes = Encoding.UTF8.GetBytes(plainText); + + using (Aes aes = Aes.Create()) + { + var pdb = new Rfc2898DeriveBytes(EncryptionKey, Salt); + aes.Key = pdb.GetBytes(32); + aes.GenerateIV(); // random IV each time + + using (var ms = new MemoryStream()) + { + // write IV to the start of the ciphertext + ms.Write(aes.IV, 0, aes.IV.Length); + + using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write)) + { + cs.Write(clearBytes, 0, clearBytes.Length); + cs.FlushFinalBlock(); + } + + return Convert.ToBase64String(ms.ToArray()); + } + } + } + + public static string Decrypt(string cipherText) + { + byte[] fullCipher = Convert.FromBase64String(cipherText); + + using (Aes aes = Aes.Create()) + { + var pdb = new Rfc2898DeriveBytes(EncryptionKey, Salt); + aes.Key = pdb.GetBytes(32); + + // extract IV + byte[] iv = new byte[16]; + Array.Copy(fullCipher, 0, iv, 0, iv.Length); + aes.IV = iv; + + int cipherOffset = iv.Length; + int cipherCount = fullCipher.Length - cipherOffset; + + using (var ms = new MemoryStream()) + { + using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write)) + { + cs.Write(fullCipher, cipherOffset, cipherCount); + cs.FlushFinalBlock(); + } + + return Encoding.UTF8.GetString(ms.ToArray()); + } + } + } + } + + } diff --git a/microservices/_layers/common/StartupExtensions.cs b/microservices/_layers/common/StartupExtensions.cs index 1f1d6b3..c690c33 100644 --- a/microservices/_layers/common/StartupExtensions.cs +++ b/microservices/_layers/common/StartupExtensions.cs 
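Review bot: `AesEncryptionHelper` hard-codes both `EncryptionKey` and `Salt` as static fields, so the encrypted connection strings in the appsettings files are protected only by access to this source file; the passphrase should be loaded from an environment variable or secret store at startup. `Decrypt` copies 16 bytes out of `fullCipher` without checking its length, so a short or empty value fails with an `ArgumentException` from `Array.Copy`; add `if (fullCipher.Length < 16) throw new CryptographicException("Ciphertext is too short.");` before the copy. Nothing authenticates the ciphertext, so a modified value is caught only if padding happens to fail; an HMAC over the IV and ciphertext, or an AEAD mode, would close that gap. `Rfc2898DeriveBytes` is `IDisposable` and is constructed with default parameters on every call, so wrap it in `using` and pass the iteration count and hash explicitly.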
@@ -13,13 +13,16 @@ namespace OnlineAssessment /// public static IServiceCollection AddDbConnections(this IServiceCollection services, IConfiguration configuration) { - string text = configuration.GetConnectionString("DefaultConnectionString"); - //string newConn = @"Server=94.249.213.139;Database=OA_UAT;User Id=sa;Password=Odiware@1234!;TrustServerCertificate=True;MultipleActiveResultSets=true"; - string newConn = @"Server=94.249.213.139;Database=OA_PROD;User Id=sa;Password=Odiware@1234!;TrustServerCertificate=True;MultipleActiveResultSets=true"; - string encString = Security.Encrypt(newConn); - string connection = Security.Decrypt(text); - + string connString1 = @"Server=94.249.213.139;Database=OA_STAGING;User Id=sa;Password=Odiware@1234!;TrustServerCertificate=True;MultipleActiveResultSets=true"; + string connection1 = AesEncryptionHelper.Encrypt(connString1); + + + string connString = configuration.GetConnectionString("DefaultConnectionString"); + string connection = AesEncryptionHelper.Decrypt(connString); + + //============================================ + return services .AddEntityFrameworkSqlServer() .AddDbContextPool((serviceProvider, optionsBuilder) => diff --git a/microservices/user/API.User.csproj b/microservices/user/API.User.csproj index ec486bb..73bf14a 100644 --- a/microservices/user/API.User.csproj +++ b/microservices/user/API.User.csproj @@ -103,6 +103,7 @@ + diff --git a/microservices/user/appsettings.Development.json b/microservices/user/appsettings.Development.json index 4931b88..b7baa97 100644 --- a/microservices/user/appsettings.Development.json +++ b/microservices/user/appsettings.Development.json 
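Review bot: `connString1` puts a live SQL Server address and the `sa` password into source in plain text, and `connection1` is computed on every startup and never used. Remove both lines (`string connString1 = ...;` and `string connection1 = AesEncryptionHelper.Encrypt(connString1);`) and produce the encrypted value with a separate tool; because the value is already in git history, including the production variant on the removed lines, the password should be rotated. The string also uses the `sa` login with `TrustServerCertificate=True`, so the service connects as sysadmin over a channel that does not validate the server certificate. `AesEncryptionHelper.Decrypt(connString)` throws if the setting is missing or still in the old format, so a null check with a clear startup error would help. The method body continues past the hunk.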
@@ -4,8 +4,7 @@ }, "AllowedHosts": "*", "ConnectionStrings": { - "DefaultConnectionString": "CWl5kdPv3XVgCewNZ9xsMWbKUfspY55eD30t624CW5XFBxN2arokRw5kglCPdfNE9fc0xdbYTyXrFJ1s/KVEknD0+Zz3unUPUcZjqtJrgZaOSTpxPANvf3pERJbTDELV91SrUGHsY/VugofFmzMLPTgsv9tXeGSsK/YE0uPS1i6ekiEPjm3P7t3K8Eho4rtkS+2SRFLPNIgp/tBDJ7t71yoNYZzk+zoh58jS3WiZni6BeT37eNfgCcqNg/7Jn7wW6c3IcDll6Pbw7hlQvHvxX4Xl3YFEb2x+bPCZELacMC11548Ax0nnRumfdzryCDI/ohfO3ZMA/Fni4j0g5A8qiruTtM2wwfaaDNZAPLA2aJU=" - //"DefaultConnectionString": "B58MwWJom8ajCI4ia0DN+uXUcjx9/6VSwwwQLNRr0ALJmE2hmLwzJV6FYk3YezpmAQxcFLiBG1mToDKYxumHzWoyyr3/8JrMxcxJWctehH6XLaoreNgAG4pfVoNqXdy2LLDfxrh+MfXMe5vTzSRd/wgsiNcfFYzvoOA6ecg/K15a6/aM4CBWkylwwihQdCn/u567QL8IlAeUkPSM97dI6OGUYDzuGNoubGBDd2bBEKpY+HZ5gdF+hOxiC68XlkSykjk7vCDg5oIO2wNXvi2D0BmwEpXxhCMUFNaqJN7qpmo=" + "DefaultConnectionString": "3O5IBcQilkuCpSiL2/78srPWCHpYVGryBrDmdDH7ymmzevrvLYfgEbsScCZKknceXynyLeTn/5v0PJ4ddIyj6xF/wS+l7ElwqwaaGlpVEFNG4RetA1YQ/dKg92Y9czBU9QeEkT7DVwsBpb4LX+3X0uOd0VlQYhIQ1bmF0YNmlubv3O0k8c4UFM8sVzPexSIx8JuqhjWgfDw5sAgyKqvg/Q==" }, "Jwt": { "Key": "THIS_IS_ODIWARE_SECRET_KEY", diff --git a/microservices/user/appsettings.json b/microservices/user/appsettings.json index 4931b88..b7baa97 100644 --- a/microservices/user/appsettings.json +++ b/microservices/user/appsettings.json 
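Review bot: The new `DefaultConnectionString` value is ciphertext whose passphrase and salt are committed in `Security.cs` in this same patch, so it should be treated as a plaintext credential in the repository. The same value is written to `appsettings.json` in the next file, which means Development and the default environment resolve to one database. Supply the connection string per environment through environment variables or user secrets rather than a committed file. The `Jwt.Key` visible in the context lines is likewise a signing key in source control and deserves the same treatment.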
@@ -4,8 +4,7 @@ }, "AllowedHosts": "*", "ConnectionStrings": { - "DefaultConnectionString": "CWl5kdPv3XVgCewNZ9xsMWbKUfspY55eD30t624CW5XFBxN2arokRw5kglCPdfNE9fc0xdbYTyXrFJ1s/KVEknD0+Zz3unUPUcZjqtJrgZaOSTpxPANvf3pERJbTDELV91SrUGHsY/VugofFmzMLPTgsv9tXeGSsK/YE0uPS1i6ekiEPjm3P7t3K8Eho4rtkS+2SRFLPNIgp/tBDJ7t71yoNYZzk+zoh58jS3WiZni6BeT37eNfgCcqNg/7Jn7wW6c3IcDll6Pbw7hlQvHvxX4Xl3YFEb2x+bPCZELacMC11548Ax0nnRumfdzryCDI/ohfO3ZMA/Fni4j0g5A8qiruTtM2wwfaaDNZAPLA2aJU=" - //"DefaultConnectionString": "B58MwWJom8ajCI4ia0DN+uXUcjx9/6VSwwwQLNRr0ALJmE2hmLwzJV6FYk3YezpmAQxcFLiBG1mToDKYxumHzWoyyr3/8JrMxcxJWctehH6XLaoreNgAG4pfVoNqXdy2LLDfxrh+MfXMe5vTzSRd/wgsiNcfFYzvoOA6ecg/K15a6/aM4CBWkylwwihQdCn/u567QL8IlAeUkPSM97dI6OGUYDzuGNoubGBDd2bBEKpY+HZ5gdF+hOxiC68XlkSykjk7vCDg5oIO2wNXvi2D0BmwEpXxhCMUFNaqJN7qpmo=" + "DefaultConnectionString": "3O5IBcQilkuCpSiL2/78srPWCHpYVGryBrDmdDH7ymmzevrvLYfgEbsScCZKknceXynyLeTn/5v0PJ4ddIyj6xF/wS+l7ElwqwaaGlpVEFNG4RetA1YQ/dKg92Y9czBU9QeEkT7DVwsBpb4LX+3X0uOd0VlQYhIQ1bmF0YNmlubv3O0k8c4UFM8sVzPexSIx8JuqhjWgfDw5sAgyKqvg/Q==" }, "Jwt": { "Key": "THIS_IS_ODIWARE_SECRET_KEY", diff --git a/microservices/user/web.config b/microservices/user/web.config index e55022f..63f369c 100644 --- a/microservices/user/web.config +++ b/microservices/user/web.config @@ -18,7 +18,7 @@ - +