Poprawki

enovaApi.Proxy/ApiKey.cs

@@ -1,11 +1,23 @@
-namespace enovaApi.Proxy
+using System.Security.Cryptography;
+
+namespace enovaApi.Proxy
 {
     public class ApiKey
     {
+        public ApiKey()
+        {
+            GenerateKey();
+        }
+
         public string Key { get; set; } = string.Empty;
         public string Operator { get; set; } = string.Empty;
         public string Password { get; set; } = string.Empty;
 
+        public void GenerateKey()
+        {
+            Key = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
+        }
+
         public override string ToString()
         {
             return $"{Operator} has key {Key}";

enovaApi.Proxy/Controllers/ApiController.cs

@@ -28,9 +28,9 @@ public async Task<object> Post()
         {
             var body = await Request.Body.GetString();
             var jObject = JObject.Parse(body);
-            if (jObject["ApiKey"] != null)
+            var key = jObject["ApiKey"];
+            if (key != null)
             {
-                var key = jObject["ApiKey"];
                 jObject.Remove("ApiKey");
                 jObject.Remove("Operator");
                 jObject.Remove("Password");

enovaApi.Proxy/Controllers/KeysController.cs

@@ -16,19 +16,33 @@ public KeysController(IConfiguration configuration)
         private readonly Keys keys;
 
         [HttpPost]
-        public string CreateKey(string oper, string password)
+        public string CreateKey(string oper, string password, bool regenerate)
         {
-            var key = new ApiKey()
+            ApiKey apiKey = keys.ApiKeys.FirstOrDefault(x => x.Operator == oper);
+            if (apiKey != null)
             {
-                Key = Guid.NewGuid().ToString("N"),
-                Operator = oper,
-                Password = Cryptography.Encrypt(password)
-            };
-            keys.ApiKeys.Add(key);
+                if (regenerate)
+                {
+                    apiKey.GenerateKey();
+                }
+                else
+                {
+                    return new JObject(new JProperty("Message", $"Api key for {oper} was generated. Set regenerate parameter to true to regenerate key.")).ToString();
+                }
+            }
+            else
+            {
+                apiKey = new ApiKey()
+                {
+                    Operator = oper,
+                    Password = Cryptography.Encrypt(password)
+                };
+                keys.ApiKeys.Add(apiKey);
+            }
 
             System.IO.File.WriteAllText("keys.json", JObject.FromObject(keys).ToString(), Encoding.UTF8);
 
-            return key.Key;
+            return new JObject(new JProperty("Key", apiKey.Key)).ToString();
         }
     }
 }

enovaApi.Proxy/Cryptography.cs

@@ -7,14 +7,40 @@ public static class Cryptography
     {
         private static Aes Aes { get; } = Aes.Create();
 
+        internal static void Configure()
+        {
+            Aes.BlockSize = 128;
+            Aes.KeySize = 256;
+        }
+
         public static void SetIV(string iv)
         {
-            Aes.IV = Convert.FromBase64String(iv);
+            byte[] encodedIv;
+            try
+            {
+                encodedIv = Convert.FromBase64String(iv);
+            }
+            catch
+            {
+                // add some log
+                throw;
+            }
+            Aes.IV = encodedIv;
         }
 
         public static void SetKey(string key)
         {
-            Aes.Key = Convert.FromBase64String(key);
+            byte[] encodedKey;
+            try
+            {
+                encodedKey = Convert.FromBase64String(key);
+            }
+            catch
+            {
+                // add some log
+                throw;
+            }
+            Aes.Key = encodedKey;
         }
 
         public static string Decrypt(string base64cipher)

enovaApi.Proxy/Program.cs

@@ -1,4 +1,13 @@
 using enovaApi.Proxy;
+using Microsoft.Extensions.Configuration;
+
+Cryptography.Configure();
+if (args.Contains("--generateCrypto"))
+{
+    Console.WriteLine($"IV: {Cryptography.GetIV()}");
+    Console.WriteLine($"Key: {Cryptography.GetKey()}");
+    Environment.Exit(0);
+}
 
 var builder = WebApplication.CreateBuilder(args);
 // Add services to the container.
@@ -8,6 +17,7 @@
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
+
 builder.WebHost.UseKestrel();
 if (args.Any(x => x.StartsWith("--urls")))
 {
@@ -24,9 +34,10 @@
     app.UseSwaggerUI();
 }
 
+
 // key and iv can be changed by Cryptography.GetIV() and Cryptography.GetKey() then replaced below
-Cryptography.SetIV("WfEwqyJ4Pm3b0F6nnrLLKQ==");
-Cryptography.SetKey("BJaVbPFXNBN59bZCn1ORpKTH7b7UrJ4zj7KFBrHMaSk=");
+Cryptography.SetIV(builder.Configuration.GetValue<string>("IV") ?? throw new Exception("IV value cannot be null."));
+Cryptography.SetKey(builder.Configuration.GetValue<string>("Key") ?? throw new Exception("Key value cannot be null"));
 
 app.UseHttpsRedirection();
 

enovaApi.Proxy/appsettings.json

@@ -6,5 +6,7 @@
     }
   },
   "AllowedHosts": "*",
-  "enovaUrl": "http://localhost:5000/"
+  "enovaUrl": "http://localhost:5000/",
+  "IV": "WfEwqyJ4Pm3b0F6nnrLLKQ==",
+  "Key": "BJaVbPFXNBN59bZCn1ORpKTH7b7UrJ4zj7KFBrHMaSk="
 }

enovaApi.Proxy/enovaApi.Proxy.csproj

@@ -5,12 +5,13 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <Copyright>Krzysztof Krupa</Copyright>
+    <Version>1.0.1</Version>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.3" />
-    <PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.4" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
 
 </Project>

enovaApi.Proxy/keys.json

@@ -1,9 +1,9 @@
 {
   "ApiKeys": [
     {
-      "Key": "57cc175a465348149e7b1e1ef8c347a2",
+      "Key": "oK/7zSEXoy2ItM6Z+PPDac+dgyOmWD/9ITQHbu5hHU8=",
       "Operator": "webapi",
-      "Password": "3Bqb4znDxeB0rJfguEDsdHKTAgRqQ0NzyL3GZk/j1Cw="
+      "Password": "RD7M5Y9f4EQAkNxp0w1FUg=="
     }
   ]
 }