From 2afda3440d8bdbcff6939f989eac8d5caddb731d Mon Sep 17 00:00:00 2001 
From: mdvir
Date: Thu, 22 Jul 2021 12:56:56 +0300
Subject: [PATCH 01/14] v1.0
---
 microsoft-365-dke/.devcontainer/build.sh | 7 -
 microsoft-365-dke/.devcontainer/data/start.sh | 56 -
 microsoft-365-dke/.devcontainer/env | 7 -
 .../.devcontainer/privkeynopass.pem | 27 -
 .../.devcontainer/pubkeyonly.pem | Bin 922 -> 0 bytes
 microsoft-365-dke/.devcontainer/run.sh | 14 -
 microsoft-365-dke/.vscode/launch.json | 4 +-
 microsoft-365-dke/.vscode/tasks.json | 6 +-
 microsoft-365-dke/README.md | 4 +-
 .../{.devcontainer => docker}/Dockerfile | 31 +-
 microsoft-365-dke/docker/build.sh | 9 +
 .../data => docker}/create_client_template.sh | 0
 .../data => docker}/create_partition.sh | 0
 .../data => docker}/register_new_client.sh | 0
 .../register_new_client_ephemeral.sh | 0
 .../data => docker}/run_encrypt_demo.sh | 0
 .../{.devcontainer => docker}/sshd_config | 0
 .../start.sh} | 14 +-
 .../wait_for_ukc_cluster_to_start.sh | 0
 .../src/customer-key-store/Models/TestKey.cs | 144 -
 .../src/customer-key-store/Models/TestStore.cs | 231 -
 .../Properties/AssemblyInfo.cs | 36 -
 .../src/customer-key-store/appsettings.json | 27 -
 .../customer-key-store/published/App.config | 6 -
 .../published/appsettings.Development.json | 14 -
 .../published/appsettings.json | 31 -
 .../published/customerkeystore | Bin 90680 -> 0 bytes
 .../published/customerkeystore.deps.json | 5041 -----------------
 .../published/customerkeystore.dll.config | 6 -
 .../customerkeystore.runtimeconfig.json | 12 -
 .../published/customerkeystore.xml | 8 -
 .../native/System.IO.Ports.Native.so | Bin 10120 -> 0 bytes
 .../native/System.IO.Ports.Native.so | Bin 68144 -> 0 bytes
 .../native/System.IO.Ports.Native.so | Bin 14608 -> 0 bytes
 .../native/System.IO.Ports.Native.dylib | Bin 13396 -> 0 bytes
 .../customer-key-store/published/web.config | 11 -
 .../scripts/key_store_tester.ps1 | 162 -
 .../App.config | 0
 .../CodeAnalysisRuleSet.ruleset | 0
 .../Controllers/KeysController.cs | 4 +-
 .../Library/CK.cs | 0
 .../Library/CKR_Exception.cs | 0
 .../Library/CK_ATTRIBUTE.cs | 0
 .../Library/CK_INFO.cs | 0
 .../Library/CK_MECHANISM.cs | 0
 .../Library/CK_MECHANISM_INFO.cs | 0
 .../Library/CK_OBJECT_HANDLE.cs | 0
 .../Library/CK_SESSION_HANDLE.cs | 0
 .../Library/CK_SESSION_INFO.cs | 0
 .../Library/CK_SLOT_ID.cs | 0
 .../Library/CK_SLOT_INFO.cs | 0
 .../Library/CK_TOKEN_INFO.cs | 0
 .../Library/CK_VERSION.cs | 0
 .../Library/Library.cs | 0
 .../Library/LibraryUnix.cs | 0
 .../Library/LibraryWindows.cs | 0
 .../Library/MechParams/CK_AES_CTR_PARAMS.cs | 0
 .../Library/MechParams/CK_CCM_PARAMS.cs | 0
 .../MechParams/CK_ECDH1_DERIVE_PARAMS.cs | 0
 .../Library/MechParams/CK_GCM_PARAMS.cs | 0
 .../CK_KEY_DERIVATION_STRING_DATA.cs | 0
 .../MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs | 0
 .../MechParams/CK_RSA_PKCS_PSS_PARAMS.cs | 0
 .../Library/MechParams/DYCK_AES_SIV_PARAMS.cs | 0
 .../MechParams/DYCK_DERIVE_BIP_PARAMS.cs | 0
 .../Library/MechParams/DYCK_FPE_PARAMS.cs | 0
 .../DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs | 0
 .../Library/MechParams/DYCK_PRF_PARAMS.cs | 0
 .../Library/MechParams/DYCK_SPE_PARAMS.cs | 0
 .../Models/Authorizer.cs | 0
 .../Models/DecryptedData.cs | 0
 .../Models/EmailAuthorizer.cs | 2 +-
 .../Models/EncryptedData.cs | 0
 .../Models/Key.cs | 0
 .../Models/KeyAccessException.cs | 2 +-
 .../Models/KeyData.cs | 0
 .../Models/KeyManager.cs | 43 +-
 .../Models/KeyStore.cs | 0
 .../Models/PublicKey.cs | 0
 .../Models/RoleAuthorizer.cs | 2 +-
 .../Models/extensions.cs | 0
 .../Program.cs | 2 +-
 .../Properties/launchSettings.json | 0
 .../Startup.cs | 3 +-
 .../appsettings.Development.json | 0
 .../src/unbound-key-store/appsettings.json | 18 +
 .../root@127.0.0.1 | Bin
 .../unboundkeystore.csproj} | 0
 88 files changed, 62 insertions(+), 5922 deletions(-)
 delete mode 100755 microsoft-365-dke/.devcontainer/build.sh
 delete mode 100644 microsoft-365-dke/.devcontainer/data/start.sh
 delete mode 100644 microsoft-365-dke/.devcontainer/env
 delete mode 100644 microsoft-365-dke/.devcontainer/privkeynopass.pem
 delete mode 100644 microsoft-365-dke/.devcontainer/pubkeyonly.pem
 delete mode 100755 microsoft-365-dke/.devcontainer/run.sh
 rename microsoft-365-dke/{.devcontainer => docker}/Dockerfile (67%)
 create mode 100755 microsoft-365-dke/docker/build.sh
 rename microsoft-365-dke/{.devcontainer/data => docker}/create_client_template.sh (100%)
 rename microsoft-365-dke/{.devcontainer/data => docker}/create_partition.sh (100%)
 rename microsoft-365-dke/{.devcontainer/data => docker}/register_new_client.sh (100%)
 rename microsoft-365-dke/{.devcontainer/data => docker}/register_new_client_ephemeral.sh (100%)
 rename microsoft-365-dke/{.devcontainer/data => docker}/run_encrypt_demo.sh (100%)
 rename microsoft-365-dke/{.devcontainer => docker}/sshd_config (100%)
 rename microsoft-365-dke/{.devcontainer/data/start_for_container.sh => docker/start.sh} (54%)
 rename microsoft-365-dke/{.devcontainer/data => docker}/wait_for_ukc_cluster_to_start.sh (100%)
 delete mode 100644 microsoft-365-dke/src/customer-key-store/Models/TestKey.cs
 delete mode 100644 microsoft-365-dke/src/customer-key-store/Models/TestStore.cs
 delete mode 100644 microsoft-365-dke/src/customer-key-store/Properties/AssemblyInfo.cs
 delete mode 100644 microsoft-365-dke/src/customer-key-store/appsettings.json
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/App.config
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/appsettings.Development.json
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/appsettings.json
 delete mode 100755 microsoft-365-dke/src/customer-key-store/published/customerkeystore
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/customerkeystore.deps.json
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/customerkeystore.dll.config
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/customerkeystore.runtimeconfig.json
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/customerkeystore.xml
 delete mode 100755 microsoft-365-dke/src/customer-key-store/published/runtimes/linux-arm/native/System.IO.Ports.Native.so
 delete mode 100755 microsoft-365-dke/src/customer-key-store/published/runtimes/linux-arm64/native/System.IO.Ports.Native.so
 delete mode 100755 microsoft-365-dke/src/customer-key-store/published/runtimes/linux-x64/native/System.IO.Ports.Native.so
 delete mode 100755 microsoft-365-dke/src/customer-key-store/published/runtimes/osx-x64/native/System.IO.Ports.Native.dylib
 delete mode 100644 microsoft-365-dke/src/customer-key-store/published/web.config
 delete mode 100644 microsoft-365-dke/src/customer-key-store/scripts/key_store_tester.ps1
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/App.config (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/CodeAnalysisRuleSet.ruleset (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Controllers/KeysController.cs (91%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CKR_Exception.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_ATTRIBUTE.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_INFO.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_MECHANISM.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_MECHANISM_INFO.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_OBJECT_HANDLE.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_SESSION_HANDLE.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_SESSION_INFO.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_SLOT_ID.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_SLOT_INFO.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_TOKEN_INFO.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/CK_VERSION.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/Library.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/LibraryUnix.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/LibraryWindows.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_AES_CTR_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_CCM_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_ECDH1_DERIVE_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_GCM_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_KEY_DERIVATION_STRING_DATA.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/CK_RSA_PKCS_PSS_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_AES_SIV_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_DERIVE_BIP_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_FPE_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_PRF_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Library/MechParams/DYCK_SPE_PARAMS.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/Authorizer.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/DecryptedData.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/EmailAuthorizer.cs (90%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/EncryptedData.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/Key.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/KeyAccessException.cs (92%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/KeyData.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/KeyManager.cs (80%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/KeyStore.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/PublicKey.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/RoleAuthorizer.cs (94%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Models/extensions.cs (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Program.cs (92%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Properties/launchSettings.json (100%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/Startup.cs (95%)
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/appsettings.Development.json (100%)
 create mode 100644 microsoft-365-dke/src/unbound-key-store/appsettings.json
 rename microsoft-365-dke/src/{customer-key-store => unbound-key-store}/root@127.0.0.1 (100%)
 rename microsoft-365-dke/src/{customer-key-store/customerkeystore.csproj => unbound-key-store/unboundkeystore.csproj} (100%)
diff --git a/microsoft-365-dke/.devcontainer/build.sh b/microsoft-365-dke/.devcontainer/build.sh
deleted file mode 100755
index e761bd2..0000000
--- a/microsoft-365-dke/.devcontainer/build.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-docker build \
---build-arg UKC_CLIENT_INSTALLER_URL=/root/data/ekm-client-2.0.2010.38445-el7+el8.x86_64.rpm \
--t unboundukc/ukc-client:demo-java-encrypt \
--f ./Dockerfile ..
-
-
diff --git a/microsoft-365-dke/.devcontainer/data/start.sh b/microsoft-365-dke/.devcontainer/data/start.sh
deleted file mode 100644
index b26d304..0000000
--- a/microsoft-365-dke/.devcontainer/data/start.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-set -e
-
-# Common utilities and clean
-echo 'alias ll="ls -l"' >> ~/.bashrc
- apt-get update -y
- apt-get install curl
- apt-get install -y policycoreutils-python-utils
- apt-get install libssl-dev
- apt-get clean -y
-
-# JQ - Json parser
-curl -LO# https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64; \
- mv ./jq-linux64 ./jq
- chmod +x ./jq
- mv jq /usr/bin
-
-echo "installing UKC client"
-cd "/home/site/wwwroot/data"
-dpkg -i ekm-client_2.0.2010.38476.deb9_amd64.deb
-echo "UKC Client Installed successfully"
-
-apt-get update
-apt-get install -y --allow-unauthenticated libc6-dev
-apt-get install -y --allow-unauthenticated libgdiplus
-apt-get install -y --allow-unauthenticated libx11-dev
-rm -rf /var/lib/apt/lists/*
-
-# params for ukc
-export EP_HOST_NAME="ep1"
-export KC_CRYPTO_USER="encrypter"
-export UKC_CRYPTO_USER_PASSWORD="Password1!"
-export UKC_PARTITION="test"
-export UKC_SO_PASSWORD="Unbound1!"
-export UKC_PASSWORD="Unbound1!"
-
-echo "servers=$EP_HOST_NAME">/etc/ekm/client.conf
-
-echo "54.174.121.27 ep1" >> /etc/hosts
-
-sh wait_for_ukc_cluster_to_start.sh
-sh create_partition.sh
-sh register_new_client.sh
-cd "/home/site/wwwroot/"
-
-
-##############
-
-export PORT=8080
-
-export ASPNETCORE_URLS=http://*:$PORT
-
-echo Trying to find the startup DLL name...
-echo Found the startup D name: customerkeystore.dll
-echo 'Running the command: dotnet "customerkeystore.dll"'
-dotnet "customerkeystore.dll"
\ No newline at end of file
diff --git a/microsoft-365-dke/.devcontainer/env b/microsoft-365-dke/.devcontainer/env
deleted file mode 100644
index 9383e52..0000000
--- a/microsoft-365-dke/.devcontainer/env
+++ /dev/null
@@ -1,7 +0,0 @@
-UKC_PARTITION=test
-EP_HOST_NAME=ukc-ep
-UKC_SO_PASSWORD=Unbound1!
-UKC_CRYPTO_USER=user
-UKC_CRYPTO_USER_PASSWORD=
-CLIENT_TEMPLATE_ACTIVATION_CODE=4767527256228252
-CLIENT_TEMPLATE_NAME=template_1
\ No newline at end of file
diff --git a/microsoft-365-dke/.devcontainer/privkeynopass.pem b/microsoft-365-dke/.devcontainer/privkeynopass.pem deleted file mode 100644 index d380309..0000000 --- a/microsoft-365-dke/.devcontainer/privkeynopass.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuYxSjCALurb2RLu2CnRenIRNUTtLjHACz2q/3EU6rEEoG8T1 -nKtDES4eY0ou1hKSboJfEfCJpsBizYPrdQTCTJb9HSrhU2VmcLMio1Eymns/KsBX -EDs6bpJ6tzTBIOm/0fMDCYfs3zycG1VXkklIFCMA66n4LqmVXjjuzNUJG6zy4cbH -3BnqvFZTphJuRnwNhixm0UpGOcP4MdugnXr722qIL1VgfmRyWgwunbair6cE1fQV -5qMyxB/kl8zkfBk5e0tsf0E+FDvQIjKEkZBYNecg6oXwsd6GoHFdRwPLb/tHVDVI -ggjECTHIkY+QVORVv9KxrKFWHLobrn8cnazuVwIDAQABAoIBAQCd0cPYmd1AKCUZ -20uAYvCiUkntQPEGd7N8NsEQGvZH03fI/uMmKel2sHJ6Y3uo680PH+a7PIvogJTJ -V16rfqvBN1/9Mh7Lr2DNlSBuJz9SdGgK9eRX0vjlWcP1FnL6ird0XS2FKs8IJeZl -vVYqABjFv+wlhsGo9ucsaGJ9aOpBVYtQdtUyaAkWVbw5Z/1O5X0V8Buuw3u+wJtM -clAjYlmh2vcrA9R2GBU9mPnPD1cV7hVhqIg1c2ihUKTGFvaqvdb0Y1yqswCiE/4d -0rP71QbQEoU+hWggbnh3O81nYchqPNrvXKHrZJy1KH5aarHAwTjS/i0cZCstCiVz -NgHXjVShAoGBAOWy0U/7NJT2coTX3rEcEsxAdbV7eG5mJylBq9bSxH7r1vqTQFfK -hLdIsYfZRlhTkGD5/Upa2X7C9uCGOXRhXhgnA3my7oVSOJEx3dbCcUEl+G2yAHGf -osVTuCX9k3CSgE0Lo4ZjFl0+KuYji6wgFIjSx2WBuNGnYtknY+CX24NnAoGBAM7L -UbcCtG1c7dJPFKFvyCi/EwSAYdyXsUgQt5hZrzj9IXYiBce0i+p90HYKayVs8TD8 -89CvZTWm931q6kYr7qLzndZTBwRv+CPpqc1JyYYvxntoaxYkdVTvsk0jHRNM0LNY -vdcniXnimphwuE/SBcAmC9pNk2gRCNOq6qjHpNeRAoGAExdMrFAdq6/cDsx+VswV -h+JnpiDP/qUA5j3uEVnNORtS79qjQ2iypSUmlDrrzNWNL3I3qiFo6E8+A6VESzb4 -ghtj/45uoqgVyYOSg5H/pcGJJ1zfCpKRDcOKj6XGxll2znCEM9wydKeBG0WjCzhT -XJfgOMCSYuJ9pbzPYVBdz0sCgYBwm/dbmXV3OGupYrbxUlXFGofYo7Cm11QK0k+n -/u6UMgPOuKg9H+wxPWIPZY0DTFfrPVPoCBstJEcRXO9GVxYUVmVVGNFxcSfHJq74 -w32iPNHw0eO+owvhvMVzi/OBVwsvHtwCFd2fKe7VpEw56zyGbjF2J1hmCyCrYx91 -2YHCgQKBgQDX8YpwF/kJeQaS1mq9llK/uzHhKMuikgWMXzwgEDR+TGioSBR76mC6 -LibQBobZ1Dkbx3kqUMx3aR6yblHt51tuN4vVH2rYgwk5BCZEhIjJKNXLB4lut/5t -rx7APRLbTA/51pd15YxVYVQ2OWS9sHe4ns9s+HtuhLkQlnJC7zRzbw== ------END RSA PRIVATE KEY----- 
diff --git a/microsoft-365-dke/.devcontainer/pubkeyonly.pem b/microsoft-365-dke/.devcontainer/pubkeyonly.pem deleted file mode 100644 index ce027dacd2a975544e9df5f10d2143690c72a1a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 922 zcma)*$x^~V6h-gaD*wT~MKP!mmxMt=2$K-Oor!`H2^d6%k5^B3iEArWq5Jin-b?fS zmDBNYRoAUNb#$hlMsn3=S7qmOGWo;hbgB~toOxh8%~gTpYNkZ*dg1+w&W*MzP_3vB zyTNZoUDV9J%=^f%!t;OYb?O_OcDh5=VB737MJj1v*Cnbc>t~xG#eIPHNJD*aK35Y? zRR{3z%IgB>ksK82JWEoQK^9T)!PltW=@P98NtZYkN$*pO*tIm}e2Q92E3N6|72OGw z$@D}ILr%;bhMY%q+k}_FAK@Kpp_n`YoF%Gt?Wv@w44%`(A4tWk}nR#}> z=1DY#U&Cd>YE3T(RAPE4qCaNJiQYh)3=L2LojW`!9kuCxVNr8tvVm!4)Pn0+l}mIY z5?|n#g8f9{0rwU8Ti^#&w{Tv_zeA}2dj-1-uZMoX1U7uPlpL9^ZHAJaxrevOHzV@` zoxSc^Z$YOxKBAYAA*TBxh(5?G`~z@1vgB<~Wilq5y1cLWIt6C4W?z7HPSP5A`}W?M zdzp~jWkzNW9ndj;4pSfFx+bSX?j^l8SP!W6NEqStK`lfpL}|t|N2|&Vn(Pzw&TYCb zoDjbozT1xMK05bc+Gs}XQ*Knu`;p8Wn<2!*L)YB%3du~a<3B8iM~Acj{J(wxCry$a diff --git a/microsoft-365-dke/.devcontainer/run.sh b/microsoft-365-dke/.devcontainer/run.sh deleted file mode 100755 index db2894c..0000000 --- a/microsoft-365-dke/.devcontainer/run.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -docker rm -f ukc-client -# docker run --env EP_HOST_NAME=ep --name ukc-client \ -# --env UKC_SO_PASSWORD=Unbound1! \ -# --add-host : \ -# -i unboundukc/ukc-client:demo-java-encrypt - -docker run --name ukc-client \ - --network=vhsm_unbound \ - --env-file=env \ - -t -i unboundukc/ukc-client:demo-java-encrypt - - #command to run docker image -#docker run -dit --env EP_HOST_NAME=ep1:8443 --env UKC_PARTITION:test --env UKC_SO_PASSWORD:Unbound1! --env UKC_PASSWORD:Unbound1! vsc-microsoft-365-dke-e97c3a9132f476c39eebfcec6a51c345 /root/data/start.sh \ No newline at end of file diff --git a/microsoft-365-dke/.vscode/launch.json b/microsoft-365-dke/.vscode/launch.json index 56f3e7f..d624e42 100644 --- a/microsoft-365-dke/.vscode/launch.json +++ b/microsoft-365-dke/.vscode/launch.json 
@@ -10,9 +10,9 @@
 "request": "launch",
 "preLaunchTask": "build",
 // If you have changed target frameworks, make sure to update the program path.
- "program": "${workspaceFolder}/src/customer-key-store/bin/Debug/netcoreapp3.1/customerkeystore.dll",
+ "program": "${workspaceFolder}/src/unbound-key-store/bin/Debug/netcoreapp3.1/unboundkeystore.dll",
 "args": [],
- "cwd": "${workspaceFolder}/src/customer-key-store",
+ "cwd": "${workspaceFolder}/src/unbound-key-store",
 "stopAtEntry": false,
 // Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
 "serverReadyAction": {
diff --git a/microsoft-365-dke/.vscode/tasks.json b/microsoft-365-dke/.vscode/tasks.json
index 1b33e9a..d9db031 100644
--- a/microsoft-365-dke/.vscode/tasks.json
+++ b/microsoft-365-dke/.vscode/tasks.json
@@ -7,7 +7,7 @@
 "type": "process",
 "args": [
 "build",
- "${workspaceFolder}/src/customer-key-store/customerkeystore.csproj",
+ "${workspaceFolder}/src/unbound-key-store/unboundkeystore.csproj",
 "/property:GenerateFullPaths=true",
 "/consoleloggerparameters:NoSummary"
 ],
@@ -19,7 +19,7 @@
 "type": "process",
 "args": [
 "publish",
- "${workspaceFolder}/src/customer-key-store/customerkeystore.csproj",
+ "${workspaceFolder}/src/unbound-key-store/unboundkeystore.csproj",
 "/property:GenerateFullPaths=true",
 "/consoleloggerparameters:NoSummary"
 ],
@@ -32,7 +32,7 @@
 "args": [
 "watch",
 "run",
- "${workspaceFolder}/src/customer-key-store/customerkeystore.csproj",
+ "${workspaceFolder}/src/unbound-key-store/unboundkeystore.csproj",
 "/property:GenerateFullPaths=true",
 "/consoleloggerparameters:NoSummary"
 ],
diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md
index a59163c..6c84c07 100644
--- a/microsoft-365-dke/README.md
+++ b/microsoft-365-dke/README.md
@@ -82,9 +82,7 @@ Repeat these steps, but this time, define the client ID as c00e9d32-3c8d-4a7d-83 # Build the project -1. goto : /src/customer-key-store/Models/TestStore.cs Line 17,18 -replace ukcKeyName=""; - ukcKeyUid=""; + 3. open appsettings.json file a. Locate the ValidIssuers setting and replace with your tenant ID. You can locate your tenant ID by going to the Azure portal and viewing the tenant properties. for example "https://sts.windows.net//" b. Locate the JwtAudience setting and replace with the hostname of the machine where the DKE service will run
diff --git a/microsoft-365-dke/.devcontainer/Dockerfile b/microsoft-365-dke/docker/Dockerfile
similarity index 67%
rename from microsoft-365-dke/.devcontainer/Dockerfile
rename to microsoft-365-dke/docker/Dockerfile
index b8faa42..b4c4f6f 100644
--- a/microsoft-365-dke/.devcontainer/Dockerfile
+++ b/microsoft-365-dke/docker/Dockerfile
@@ -22,21 +22,19 @@ RUN curl -LO# https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
 mv jq /usr/bin
 RUN mkdir /root/data
-COPY data /root/data
+COPY . /root/data
 ARG UKC_CLIENT_INSTALLER_URL
-RUN echo "Downloading UKC client install file: $UKC_CLIENT_INSTALLER_URL";
-
-RUN sudo apt install /root/data/ekm-client_2.0.2010.38476.deb9_amd64.deb; \
- rm $(basename /root/data/ekm-client_2.0.2010.38476.deb9_amd64.deb); \
+RUN echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \
+ curl -O# "${UKC_CLIENT_INSTALLER_URL}"; \
+ echo "Installing $(basename ${UKC_CLIENT_INSTALLER_URL})"; \
+ sudo apt install $(basename "${UKC_CLIENT_INSTALLER_URL}"); \
+ rm $(basename "${UKC_CLIENT_INSTALLER_URL}"); \
 echo "UKC Client Installed successfully"
-RUN chmod +x /root/data/*.sh;
-
-#RUN mkdir /root/demo
-#COPY ./src /root/demo/
-
+
+RUN chmod +x /root/data/*.sh;
 ######################################
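Review bot: The installer fetched by the new `RUN` step is installed without any integrity check, and because the commands are chained with `;` a failed `curl` does not stop the build. `UKC_CLIENT_INSTALLER_URL` is a build argument, so whatever that URL serves is installed with root rights into an image that later holds key-service credentials; pinning an expected checksum and failing on the first error closes that gap. `apt install $(basename ...)` with a bare file name is also likely to be looked up as a package name rather than the downloaded file, and it has no `-y` for a non-interactive build. Separately, `COPY . /root/data` now copies the whole build context into the image, so a `.dockerignore` is worth adding to keep stray env files or keys out. The sketch below uses a new, suggested build arg for the checksum.

```dockerfile
ARG UKC_CLIENT_INSTALLER_URL
# Suggested new build arg (not in the patch): expected SHA-256 of the installer.
ARG UKC_CLIENT_INSTALLER_SHA256
RUN set -e; \
    pkg="$(basename "${UKC_CLIENT_INSTALLER_URL}")"; \
    echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \
    curl -fO# "${UKC_CLIENT_INSTALLER_URL}"; \
    echo "${UKC_CLIENT_INSTALLER_SHA256}  ${pkg}" | sha256sum -c -; \
    echo "Installing ${pkg}"; \
    sudo apt-get install -y "./${pkg}"; \
    rm "${pkg}"; \
    echo "UKC Client Installed successfully"
# … unchanged: RUN chmod +x /root/data/*.sh …
```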
@@ -55,23 +53,12 @@ RUN apt-get update \
 COPY sshd_config /etc/ssh/
-
-#COPY netcoreapp3.1 /root/data
-RUN mkdir /root/data/published
-COPY publish /root/data/published
-
 ENV PORT 8080
 EXPOSE 2222 8080
 ENV ASPNETCORE_URLS "http://*:${PORT}"
-#ENTRYPOINT ["dotnet", "/root/data/published/customerkeystore.dll"]
-#ENTRYPOINT ["/bin/bash", "/root/data/start_test.sh"]
-CMD "/root/data/start_for_container.sh"
-#CMD ["bash"]
-
-#ENTRYPOINT ["tail", "-f", "/dev/null"]
-#ENTRYPOINT ["/root/data/start_for_container.sh"]
+CMD "/root/data/start.sh"
diff --git a/microsoft-365-dke/docker/build.sh b/microsoft-365-dke/docker/build.sh
new file mode 100755
index 0000000..fb981a4
--- /dev/null
+++ b/microsoft-365-dke/docker/build.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+install_url="https://repo.dyadicsec.local/cust/autotest/ekm/2.0.2103.39708/linux/ekm-client_2.0.2103.39708.deb9_amd64.deb"
+tag="unboundukc/ms-dke-service:latest"
+
+docker build -t $tag --no-cache \
+--build-arg UKC_CLIENT_INSTALLER_URL=$install_url \
+$(dirname "$0")
+
diff --git a/microsoft-365-dke/.devcontainer/data/create_client_template.sh b/microsoft-365-dke/docker/create_client_template.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/create_client_template.sh
rename to microsoft-365-dke/docker/create_client_template.sh
diff --git a/microsoft-365-dke/.devcontainer/data/create_partition.sh b/microsoft-365-dke/docker/create_partition.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/create_partition.sh
rename to microsoft-365-dke/docker/create_partition.sh
diff --git a/microsoft-365-dke/.devcontainer/data/register_new_client.sh b/microsoft-365-dke/docker/register_new_client.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/register_new_client.sh
rename to microsoft-365-dke/docker/register_new_client.sh
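Review bot: After this hunk nothing in the Dockerfile names the application binaries: the explicit `COPY publish /root/data/published` is removed, and the image relies on the earlier `COPY . /root/data` picking up a `publish` directory from the build context, which the renamed start script then enters with `cd /root/data/publish`. A build run before the `dotnet publish` output has been placed there (presumably under `docker/publish`) still succeeds and only fails when the container starts. I would add a comment above the `CMD` line such as `# expects ./publish in the build context to hold the dotnet publish output (copied by COPY . /root/data)`, and use the exec form `CMD ["/root/data/start.sh"]` so the script is not wrapped in an extra `/bin/sh -c`.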
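Review bot: `install_url` is hard-coded to a host under `repo.dyadicsec.local`, so this script only builds where that internal name resolves, and the installer version cannot be changed without editing the file. Letting the environment override it, for example `install_url="${UKC_CLIENT_INSTALLER_URL:-<current default URL>}"`, keeps the default while making the script usable elsewhere. `$tag` and `$install_url` are also expanded unquoted on the `docker build` line and `$(dirname "$0")` is unquoted as a whole; `-t "$tag"`, `UKC_CLIENT_INSTALLER_URL="$install_url"` and `"$(dirname "$0")"` avoid word splitting when the checkout path contains spaces.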
diff --git a/microsoft-365-dke/.devcontainer/data/register_new_client_ephemeral.sh b/microsoft-365-dke/docker/register_new_client_ephemeral.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/register_new_client_ephemeral.sh
rename to microsoft-365-dke/docker/register_new_client_ephemeral.sh
diff --git a/microsoft-365-dke/.devcontainer/data/run_encrypt_demo.sh b/microsoft-365-dke/docker/run_encrypt_demo.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/run_encrypt_demo.sh
rename to microsoft-365-dke/docker/run_encrypt_demo.sh
diff --git a/microsoft-365-dke/.devcontainer/sshd_config b/microsoft-365-dke/docker/sshd_config
similarity index 100%
rename from microsoft-365-dke/.devcontainer/sshd_config
rename to microsoft-365-dke/docker/sshd_config
diff --git a/microsoft-365-dke/.devcontainer/data/start_for_container.sh b/microsoft-365-dke/docker/start.sh
similarity index 54%
rename from microsoft-365-dke/.devcontainer/data/start_for_container.sh
rename to microsoft-365-dke/docker/start.sh
index eb9c588..57cce3e 100644
--- a/microsoft-365-dke/.devcontainer/data/start_for_container.sh
+++ b/microsoft-365-dke/docker/start.sh
@@ -1,18 +1,10 @@
 #!/bin/bash
-# This script is used in the postCreateCommand of the Visual Studio Code Dev Container
 set -x
 export PORT=8080
 export ASPNETCORE_URLS=http://*:$PORT
-# configure env params
-# export EP_HOST_NAME="ep1"
-# export UKC_PARTITION="test"
-# export UKC_SO_PASSWORD="Unbound1!"
-# export UKC_PASSWORD="Unbound1!"
-# export UKC_SERVER_IP="54.174.121.27"
-
 echo "servers=$EP_HOST_NAME">/etc/ekm/client.conf
 echo "$UKC_SERVER_IP ep1" >> /etc/hosts
@@ -24,10 +16,8 @@ sh /root/data/create_partition.sh
 # Register UKC client - establish secure connection with PKCS11
 #sh /root/data/register_new_client_ephemeral.sh
 sh /root/data/register_new_client.sh
-cd /root/data/published
+cd /root/data/publish
 service ssh start
-dotnet customerkeystore.dll
-
-#tail -f /dev/null #keep container running
\ No newline at end of file
+dotnet unboundkeystore.dll
\ No newline at end of file
diff --git a/microsoft-365-dke/.devcontainer/data/wait_for_ukc_cluster_to_start.sh b/microsoft-365-dke/docker/wait_for_ukc_cluster_to_start.sh
similarity index 100%
rename from microsoft-365-dke/.devcontainer/data/wait_for_ukc_cluster_to_start.sh
rename to microsoft-365-dke/docker/wait_for_ukc_cluster_to_start.sh
diff --git a/microsoft-365-dke/src/customer-key-store/Models/TestKey.cs b/microsoft-365-dke/src/customer-key-store/Models/TestKey.cs
deleted file mode 100644
index bb6abf6..0000000
--- a/microsoft-365-dke/src/customer-key-store/Models/TestKey.cs
+++ /dev/null
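Review bot: The new `cd /root/data/publish` is not checked, and the lines of this script visible in the patch enable only `set -x`, so if that directory is missing the following `dotnet unboundkeystore.dll` runs from the wrong directory and the container exits with an error that points at the DLL instead of at the missing publish output. `cd /root/data/publish || exit 1` makes that failure explicit. Starting the service as `exec dotnet unboundkeystore.dll` would also let it replace the shell and receive the container's stop signal directly. The script continues above this hunk, so a stricter shell option set there cannot be ruled out from here.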
@@ -1,144 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-namespace Microsoft.InformationProtection.Web.Models
-{
- using System;
- using Microsoft.InformationProtection.Web.Models.Extensions;
- using sg = System.Globalization;
- using System.Security.Cryptography;
- using System.Text;
-
-
- public class TestKey : IKey
- {
- private string privateKeyPem;
- private string publicKeyPem;
- private PublicKey storedPublicKey = null;
- private System.Security.Cryptography.RSA cryptoEngine = null;
-
- public TestKey(string publicKey, string privateKey)
- {
- publicKeyPem = publicKey;
- privateKeyPem = privateKey;
- }
-
- public PublicKey GetPublicKey()
- {
- IntializeCrypto();
-
- return storedPublicKey;
- }
-
- //TODO: should remove this function
- public byte[] Decrypt(byte[] encryptedData)
- {
- //Create a UnicodeEncoder to convert between byte array and string.
- ASCIIEncoding ByteConverter = new ASCIIEncoding();
-
- //string dataString = "michael";
-
- //Create byte arrays to hold original, encrypted, and decrypted data.
- byte[] dataToEncrypt = encryptedData;
- byte[] encryptedData2;
- byte[] decryptedData2;
-
- IntializeCrypto();
- RSAParameters rsaParams = getRSAParameters();
- //Create a new instance of the RSACryptoServiceProvider class
- // and automatically create a new key-pair.
- RSACryptoServiceProvider RSAalg = new RSACryptoServiceProvider();
- //Import key parameters into RSA.
- //RSAalg.ImportParameters(rsaParams);
-
- //Display the origianl data to the console.
- //Console.WriteLine("Original Data: {0}", dataString);
-
- //Encrypt the byte array and specify no OAEP padding.
- //OAEP padding is only available on Microsoft Windows XP or
- //later.
- encryptedData2 = RSAalg.Encrypt(dataToEncrypt, false);
-
- //Display the encrypted data to the console.
- Console.WriteLine("Encrypted Data: {0}", ByteConverter.GetString(encryptedData2));
-
- //Pass the data to ENCRYPT and boolean flag specifying
- //no OAEP padding.
- decryptedData2 = RSAalg.Decrypt(encryptedData2, false);
-
- //Display the decrypted plaintext to the console.
- Console.WriteLine("Decrypted plaintext: {0}", ByteConverter.GetString(decryptedData2));
-
- return decryptedData2;
-
- //return cryptoEngine.Decrypt(encryptedData, System.Security.Cryptography.RSAEncryptionPadding.OaepSHA256);
- }
-
- private static uint ByteArrayToUInt(byte[] array)
- {
- uint retVal = 0;
-
- checked
- {
- if (BitConverter.IsLittleEndian)
- {
- for (int index = array.Length - 1; index >= 0; index--)
- {
- retVal = (retVal << 8) + array[index];
- }
- }
- else
- {
- for (int index = 0; index < array.Length; index++)
- {
- retVal = (retVal << 8) + array[index];
- }
- }
- }
-
- return retVal;
- }
-
- private void IntializeCrypto()
- {
- if(cryptoEngine == null)
- {
- var tempCryptoEngine = System.Security.Cryptography.RSA.Create();
- byte[] privateKeyBytes = System.Convert.FromBase64String(privateKeyPem);
- tempCryptoEngine.ImportRSAPrivateKey(privateKeyBytes, out int bytesRead);
-
- var rsaKeyInfo = tempCryptoEngine.ExportParameters(false);
- var exponent = ByteArrayToUInt(rsaKeyInfo.Exponent);
- var modulus = Convert.ToBase64String(rsaKeyInfo.Modulus);
- storedPublicKey = new PublicKey(modulus, exponent);
-
- cryptoEngine = tempCryptoEngine;
- }
- }
-
- //TODO: remove this function
- private RSAParameters getRSAParameters()
- {
-
- //Create a new instance of RSAParameters.
- RSAParameters RSAKeyInfo = new RSAParameters();
-
- var tempCryptoEngine = System.Security.Cryptography.RSA.Create();
- byte[] privateKeyBytes = System.Convert.FromBase64String(privateKeyPem);
- tempCryptoEngine.ImportRSAPrivateKey(privateKeyBytes, out int bytesRead);
-
- var rsaKeyInfo = tempCryptoEngine.ExportParameters(false);
- var exponent = ByteArrayToUInt(rsaKeyInfo.Exponent);
- var modulus = Convert.ToBase64String(rsaKeyInfo.Modulus);
- storedPublicKey = new PublicKey(modulus, exponent);
-
- //cryptoEngine = tempCryptoEngine;
-
- //Set RSAKeyInfo to the public key values.
- RSAKeyInfo.Modulus = rsaKeyInfo.Modulus;
- RSAKeyInfo.Exponent = rsaKeyInfo.Exponent;
-
- return RSAKeyInfo;
-
- }
- }
-}
\ No newline at end of file
diff --git a/microsoft-365-dke/src/customer-key-store/Models/TestStore.cs b/microsoft-365-dke/src/customer-key-store/Models/TestStore.cs
deleted file mode 100644
index 505ec73..0000000
--- a/microsoft-365-dke/src/customer-key-store/Models/TestStore.cs
+++ /dev/null
@@ -1,231 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models -{ - using System; - using System.Collections.Generic; - using Microsoft.Extensions.Configuration; - using Microsoft.InformationProtection.Web.Models.Extensions; - using sg = System.Globalization; - using Microsoft.Extensions.Logging; - using unbound.cryptoki; - using System.Text; - - - public class TestKeyStore : IKeyStore - { - private readonly ILogger _logger; - private const string KeyType = "RSA"; - private const string Algorithm = "RS256"; - private Dictionary> keys = new Dictionary>(); - private Dictionary activeKeys = new Dictionary(); - - public TestKeyStore(IConfiguration configuration,ILogger logger) - { - _logger = logger; - configuration.ThrowIfNull(nameof(configuration)); - - var testKeysSection = configuration.GetSection("TestKeys"); - IAuthorizer keyAuth = null; - - if(!testKeysSection.Exists()) - { - throw new System.ArgumentException("TestKeys section does not exist"); - } - - foreach(var testKey in testKeysSection.GetChildren()) - { - List roles = new List(); - var validRoles = testKey.GetSection("AuthorizedRoles"); - var validEmails = testKey.GetSection("AuthorizedEmailAddress"); - - if(validRoles != null && validRoles.Exists() && - validEmails != null && validEmails.Exists()) - { - throw new System.ArgumentException("Both role and email authorizers cannot be used on the same test key"); - } - - if(validRoles != null && validRoles.Exists()) - { - RoleAuthorizer roleAuth = new RoleAuthorizer(configuration); - keyAuth = roleAuth; - foreach(var role in validRoles.GetChildren()) - { - roleAuth.AddRole(role.Value); - } - } - else if(validEmails != null && validEmails.Exists()) - { - EmailAuthorizer emailAuth = new EmailAuthorizer(); - keyAuth = emailAuth; - foreach(var email in validEmails.GetChildren()) - { - emailAuth.AddEmail(email.Value); - } - } - - int? 
expirationTimeInDays = null; - var cacheTime = testKey["CacheExpirationInDays"]; - if(cacheTime != null) - { - expirationTimeInDays = Convert.ToInt32(cacheTime, sg.CultureInfo.InvariantCulture); - } - - var name = testKey["Name"]; - var id = testKey["Id"]; - var publicPem = testKey["PublicPem"]; - var privatePem = testKey["PrivatePem"]; - - if(name == null) - { - throw new System.ArgumentException("The key must have a name"); - } - - if(id == null) - { - throw new System.ArgumentException("The key must have an id"); - } - - if(publicPem == null) - { - throw new System.ArgumentException("The key must have a publicPem"); - } - - if(privatePem == null) - { - throw new System.ArgumentException("The key must have a privatePem"); - } - _logger.LogInformation("testStore constructe will createTestKey with following params:name=" + name +" and id=" + id); - - CreateTestKey( - name, - id, - publicPem, - privatePem, - KeyType, - Algorithm, - keyAuth, - expirationTimeInDays); - - } - - // //use ukc as keystore - add also the key from ukc - // byte[] keyNameBytes = Encoding.UTF8.GetBytes(ukcKeyName); - - // Library.C_Initialize(); - // CK_SLOT_ID[] slots = Library.C_GetSlotList(true); - // CK_SLOT_ID slot = slots[0]; - // CK_SESSION_HANDLE session = Library.C_OpenSession(slot); - - // Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[] - // { - // new CK_ATTRIBUTE(CK.CKA_TOKEN, true), - // new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY), - // new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA), - // new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes), - // //new CK_ATTRIBUTE(CK.DYCKA_UID , keyUID) - // }); - - // CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1); - // Library.C_FindObjectsFinal(session); - - // CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS); - // CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT); - // CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID); - - // if(foundKeyHandles.Length > 0) - // { - // //get public key - // 
Library.C_GetAttributeValue(session, foundKeyHandles[0],new CK_ATTRIBUTE[] - // { - // n, - // e, - // privateKeyUid - // }); - - // string nStrBase64 = Convert.ToBase64String((byte[])n.pValue); - // string uid = ukcKeyUid; - // //string vOut = (UInt64)privateKeyUid.pValue; - - - // //build the public key obj - // var publicKeyFromUkc = new PublicKey(nStrBase64,65537); - - // //publicKeyFromUkc.KeyId = ((UInt64)privateKeyUid.pValue).ToString(); - // publicKeyFromUkc.KeyType = "RSA"; - // publicKeyFromUkc.Algorithm = "RS256"; - - // CreateTestKey( - // ukcKeyName, - // uid, - // nStrBase64, - // nStrBase64, - // publicKeyFromUkc.KeyType, - // publicKeyFromUkc.Algorithm, - // keyAuth, - // null); - // } - - } - - public KeyStoreData GetActiveKey(string keyName) - { - _logger.LogInformation("call GetActiveKey from testStore class with keyName : " + keyName); - Dictionary keys; - string activeKey; - KeyStoreData foundKey; - if(!this.keys.TryGetValue(keyName, out keys) || !activeKeys.TryGetValue(keyName, out activeKey) || - !keys.TryGetValue(activeKey, out foundKey)) - { - throw new ArgumentException("Key " + keyName + " not found"); - } - - return foundKey; - } - - public KeyStoreData GetKey(string keyName, string keyId) - { - Console.WriteLine("GetKey function in testStore"); - _logger.LogInformation("call GetKey function in testStore with keyName=" + keyName + "and keyId" + keyId); - - Dictionary keys; - KeyStoreData foundKey; - if(!this.keys.TryGetValue(keyName, out keys) || - !keys.TryGetValue(keyId, out foundKey)) - { - throw new ArgumentException("Key " + keyName + "-" + keyId + " not found"); - } - - return foundKey; - } - - private void CreateTestKey( - string keyName, - string keyId, - string publicKey, - string privateKey, - string keyType, - string algorithm, - IAuthorizer keyAuth, - int? 
expirationTimeInDays) - { - keyAuth.ThrowIfNull(nameof(keyAuth)); - _logger.LogInformation("call CreateTestKey function in testStore with keyName = " + keyName + " and keyId = " + keyId); - - keys.Add(keyName, new Dictionary()); - - keys[keyName][keyId] = new KeyStoreData( - new TestKey(publicKey, privateKey), - keyId, - keyType, - algorithm, - keyAuth, - expirationTimeInDays); - //Multiple keys with the same name can be in the app settings, the first one for the current name is active, the rest have been rolled - if(!activeKeys.ContainsKey(keyName)) - { - activeKeys[keyName] = keyId; - } - } - } -} \ No newline at end of file diff --git a/microsoft-365-dke/src/customer-key-store/Properties/AssemblyInfo.cs b/microsoft-365-dke/src/customer-key-store/Properties/AssemblyInfo.cs deleted file mode 100644 index 27e64c0..0000000 --- a/microsoft-365-dke/src/customer-key-store/Properties/AssemblyInfo.cs +++ /dev/null 
@@ -1,36 +0,0 @@ -using System.Reflection; -using System.Runtime.CompilerServices; -using System.Runtime.InteropServices; - -// General Information about an assembly is controlled through the following -// set of attributes. Change these attribute values to modify the information -// associated with an assembly. -[assembly: AssemblyTitle("sample_pkcs11_csharp")] -[assembly: AssemblyDescription("")] -[assembly: AssemblyConfiguration("")] -[assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("sample_pkcs11_csharp")] -[assembly: AssemblyCopyright("Copyright © 2020")] -[assembly: AssemblyTrademark("")] -[assembly: AssemblyCulture("")] - -// Setting ComVisible to false makes the types in this assembly not visible -// to COM components. If you need to access a type in this assembly from -// COM, set the ComVisible attribute to true on that type. -[assembly: ComVisible(false)] - -// The following GUID is for the ID of the typelib if this project is exposed to COM -[assembly: Guid("ce75e8f0-792e-43d9-b179-bc783f653fb1")] - -// Version information for an assembly consists of the following four values: -// -// Major Version -// Minor Version -// Build Number -// Revision -// -// You can specify all the values or you can default the Build and Revision Numbers -// by using the '*' as shown below: -// [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.0.0")] -[assembly: AssemblyFileVersion("1.0.0.0")] diff --git a/microsoft-365-dke/src/customer-key-store/appsettings.json b/microsoft-365-dke/src/customer-key-store/appsettings.json deleted file mode 100644 index 513214f..0000000 --- a/microsoft-365-dke/src/customer-key-store/appsettings.json +++ /dev/null 
@@ -1,27 +0,0 @@ -{ - "AzureAd": { - "Instance": "https://login.microsoftonline.com/", - "ClientId": "b5ce53be-8c41-428c-b32e-1b237c2d95c0", - "TenantId": "common", - "Authority": "https://login.microsoftonline.com/common/v2.0", - "TokenValidationParameters": { - "ValidIssuers": [ - "https://sts.windows.net/c34dbcdb-ac5e-4da6-a829-00a979e1ff89/" - ] - } - }, - - "AllowedHosts": "*", - "JwtAudience": "https://dkev4.azurewebsites.net/", - "JwtAuthorization": "https://login.windows.net/common/oauth2/authorize", - - "TestKeys": [ - { - "Name": "my_key", - "Id": "3f9c1cd9-10f2-4be1-99d9-b3573b90df45", - "AuthorizedEmailAddress": ["michael.dvir@unboundtech.com,michael@unboundlab.onmicrosoft.com"], - "PublicPem" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYxSjCALurb2RLu2CnRe nIRNUTtLjHACz2q/3EU6rEEoG8T1nKtDES4eY0ou1hKSboJfEfCJpsBizYPrdQTC TJb9HSrhU2VmcLMio1Eymns/KsBXEDs6bpJ6tzTBIOm/0fMDCYfs3zycG1VXkklI FCMA66n4LqmVXjjuzNUJG6zy4cbH3BnqvFZTphJuRnwNhixm0UpGOcP4MdugnXr7 22qIL1VgfmRyWgwunbair6cE1fQV5qMyxB/kl8zkfBk5e0tsf0E+FDvQIjKEkZBY Necg6oXwsd6GoHFdRwPLb/tHVDVIggjECTHIkY+QVORVv9KxrKFWHLobrn8cnazu VwIDAQAB", - "PrivatePem": "MIIEpAIBAAKCAQEAuYxSjCALurb2RLu2CnRenIRNUTtLjHACz2q/3EU6rEEoG8T1 nKtDES4eY0ou1hKSboJfEfCJpsBizYPrdQTCTJb9HSrhU2VmcLMio1Eymns/KsBX EDs6bpJ6tzTBIOm/0fMDCYfs3zycG1VXkklIFCMA66n4LqmVXjjuzNUJG6zy4cbH 3BnqvFZTphJuRnwNhixm0UpGOcP4MdugnXr722qIL1VgfmRyWgwunbair6cE1fQV 5qMyxB/kl8zkfBk5e0tsf0E+FDvQIjKEkZBYNecg6oXwsd6GoHFdRwPLb/tHVDVI ggjECTHIkY+QVORVv9KxrKFWHLobrn8cnazuVwIDAQABAoIBAQCd0cPYmd1AKCUZ 20uAYvCiUkntQPEGd7N8NsEQGvZH03fI/uMmKel2sHJ6Y3uo680PH+a7PIvogJTJ V16rfqvBN1/9Mh7Lr2DNlSBuJz9SdGgK9eRX0vjlWcP1FnL6ird0XS2FKs8IJeZl vVYqABjFv+wlhsGo9ucsaGJ9aOpBVYtQdtUyaAkWVbw5Z/1O5X0V8Buuw3u+wJtM clAjYlmh2vcrA9R2GBU9mPnPD1cV7hVhqIg1c2ihUKTGFvaqvdb0Y1yqswCiE/4d 0rP71QbQEoU+hWggbnh3O81nYchqPNrvXKHrZJy1KH5aarHAwTjS/i0cZCstCiVz NgHXjVShAoGBAOWy0U/7NJT2coTX3rEcEsxAdbV7eG5mJylBq9bSxH7r1vqTQFfK hLdIsYfZRlhTkGD5/Upa2X7C9uCGOXRhXhgnA3my7oVSOJEx3dbCcUEl+G2yAHGf 
osVTuCX9k3CSgE0Lo4ZjFl0+KuYji6wgFIjSx2WBuNGnYtknY+CX24NnAoGBAM7L UbcCtG1c7dJPFKFvyCi/EwSAYdyXsUgQt5hZrzj9IXYiBce0i+p90HYKayVs8TD8 89CvZTWm931q6kYr7qLzndZTBwRv+CPpqc1JyYYvxntoaxYkdVTvsk0jHRNM0LNY vdcniXnimphwuE/SBcAmC9pNk2gRCNOq6qjHpNeRAoGAExdMrFAdq6/cDsx+VswV h+JnpiDP/qUA5j3uEVnNORtS79qjQ2iypSUmlDrrzNWNL3I3qiFo6E8+A6VESzb4 ghtj/45uoqgVyYOSg5H/pcGJJ1zfCpKRDcOKj6XGxll2znCEM9wydKeBG0WjCzhT XJfgOMCSYuJ9pbzPYVBdz0sCgYBwm/dbmXV3OGupYrbxUlXFGofYo7Cm11QK0k+n /u6UMgPOuKg9H+wxPWIPZY0DTFfrPVPoCBstJEcRXO9GVxYUVmVVGNFxcSfHJq74 w32iPNHw0eO+owvhvMVzi/OBVwsvHtwCFd2fKe7VpEw56zyGbjF2J1hmCyCrYx91 2YHCgQKBgQDX8YpwF/kJeQaS1mq9llK/uzHhKMuikgWMXzwgEDR+TGioSBR76mC6 LibQBobZ1Dkbx3kqUMx3aR6yblHt51tuN4vVH2rYgwk5BCZEhIjJKNXLB4lut/5t rx7APRLbTA/51pd15YxVYVQ2OWS9sHe4ns9s+HtuhLkQlnJC7zRzbw==" - } - ] -} diff --git a/microsoft-365-dke/src/customer-key-store/published/App.config b/microsoft-365-dke/src/customer-key-store/published/App.config deleted file mode 100644 index bae5d6d..0000000 --- a/microsoft-365-dke/src/customer-key-store/published/App.config +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - diff --git a/microsoft-365-dke/src/customer-key-store/published/appsettings.Development.json b/microsoft-365-dke/src/customer-key-store/published/appsettings.Development.json deleted file mode 100644 index 29cb436..0000000 --- a/microsoft-365-dke/src/customer-key-store/published/appsettings.Development.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "AzureAd": { - "Instance": "https://login.microsoftonline.com/", - "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]", - "TenantId": "common" - }, - "Logging": { - "LogLevel": { - "Default": "Debug", - "System": "Information", - "Microsoft": "Information" - } - } -} diff --git a/microsoft-365-dke/src/customer-key-store/published/appsettings.json b/microsoft-365-dke/src/customer-key-store/published/appsettings.json deleted file mode 100644 index 5446b88..0000000 
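Review bot: Deleting this `appsettings.json` does not retire the RSA key in its `TestKeys` entry, because the full `PrivatePem` value stays readable in the repository history and in this patch. The same `Id` and `PrivatePem` are also removed from `published/appsettings.json` further down, so the key was shipped in the published output as well. If that key pair was ever used outside a throwaway demo, it should be treated as disclosed and replaced, and any content protected under it re-protected with the new key. Whatever configuration replaces these files should take key material from a secret store or a deployment-specific source rather than a committed JSON value, in the placeholder style `appsettings.Development.json` already uses for `ClientId`. The diffstat also lists `.devcontainer/privkeynopass.pem` as removed; judging by its name it probably needs the same treatment.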
--- a/microsoft-365-dke/src/customer-key-store/published/appsettings.json +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - "AzureAd": { - "Instance": "https://login.microsoftonline.com/", - "ClientId": "[3155ff38-4d5a-4f54-921f-12bf803b27e6]", - "TenantId": "common", - "Authority": "https://login.microsoftonline.com/common/v2.0", - "TokenValidationParameters": { - "ValidIssuers": [ - "https://sts.windows.net/2630ffc7-a084-479b-a4f5-a8084d6ad020/" - ] - } - }, - - "AllowedHosts": "*", - "JwtAudience": "https://unbound-dkev2.azurewebsites.net/", - "JwtAuthorization": "https://login.windows.net/common/oauth2/authorize", - "RoleAuthorizer": - { - "LDAPPath": "" - }, - - "TestKeys": [ - { - "Name": "my_key", - "Id": "3f9c1cd9-10f2-4be1-99d9-b3573b90df45", - "AuthorizedEmailAddress": ["michael.dvir@unboundsecurity.com"], - "PublicPem" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYxSjCALurb2RLu2CnRe nIRNUTtLjHACz2q/3EU6rEEoG8T1nKtDES4eY0ou1hKSboJfEfCJpsBizYPrdQTC TJb9HSrhU2VmcLMio1Eymns/KsBXEDs6bpJ6tzTBIOm/0fMDCYfs3zycG1VXkklI FCMA66n4LqmVXjjuzNUJG6zy4cbH3BnqvFZTphJuRnwNhixm0UpGOcP4MdugnXr7 22qIL1VgfmRyWgwunbair6cE1fQV5qMyxB/kl8zkfBk5e0tsf0E+FDvQIjKEkZBY Necg6oXwsd6GoHFdRwPLb/tHVDVIggjECTHIkY+QVORVv9KxrKFWHLobrn8cnazu VwIDAQAB", - "PrivatePem": "MIIEpAIBAAKCAQEAuYxSjCALurb2RLu2CnRenIRNUTtLjHACz2q/3EU6rEEoG8T1 nKtDES4eY0ou1hKSboJfEfCJpsBizYPrdQTCTJb9HSrhU2VmcLMio1Eymns/KsBX EDs6bpJ6tzTBIOm/0fMDCYfs3zycG1VXkklIFCMA66n4LqmVXjjuzNUJG6zy4cbH 3BnqvFZTphJuRnwNhixm0UpGOcP4MdugnXr722qIL1VgfmRyWgwunbair6cE1fQV 5qMyxB/kl8zkfBk5e0tsf0E+FDvQIjKEkZBYNecg6oXwsd6GoHFdRwPLb/tHVDVI ggjECTHIkY+QVORVv9KxrKFWHLobrn8cnazuVwIDAQABAoIBAQCd0cPYmd1AKCUZ 20uAYvCiUkntQPEGd7N8NsEQGvZH03fI/uMmKel2sHJ6Y3uo680PH+a7PIvogJTJ V16rfqvBN1/9Mh7Lr2DNlSBuJz9SdGgK9eRX0vjlWcP1FnL6ird0XS2FKs8IJeZl vVYqABjFv+wlhsGo9ucsaGJ9aOpBVYtQdtUyaAkWVbw5Z/1O5X0V8Buuw3u+wJtM clAjYlmh2vcrA9R2GBU9mPnPD1cV7hVhqIg1c2ihUKTGFvaqvdb0Y1yqswCiE/4d 0rP71QbQEoU+hWggbnh3O81nYchqPNrvXKHrZJy1KH5aarHAwTjS/i0cZCstCiVz NgHXjVShAoGBAOWy0U/7NJT2coTX3rEcEsxAdbV7eG5mJylBq9bSxH7r1vqTQFfK 
hLdIsYfZRlhTkGD5/Upa2X7C9uCGOXRhXhgnA3my7oVSOJEx3dbCcUEl+G2yAHGf osVTuCX9k3CSgE0Lo4ZjFl0+KuYji6wgFIjSx2WBuNGnYtknY+CX24NnAoGBAM7L UbcCtG1c7dJPFKFvyCi/EwSAYdyXsUgQt5hZrzj9IXYiBce0i+p90HYKayVs8TD8 89CvZTWm931q6kYr7qLzndZTBwRv+CPpqc1JyYYvxntoaxYkdVTvsk0jHRNM0LNY vdcniXnimphwuE/SBcAmC9pNk2gRCNOq6qjHpNeRAoGAExdMrFAdq6/cDsx+VswV h+JnpiDP/qUA5j3uEVnNORtS79qjQ2iypSUmlDrrzNWNL3I3qiFo6E8+A6VESzb4 ghtj/45uoqgVyYOSg5H/pcGJJ1zfCpKRDcOKj6XGxll2znCEM9wydKeBG0WjCzhT XJfgOMCSYuJ9pbzPYVBdz0sCgYBwm/dbmXV3OGupYrbxUlXFGofYo7Cm11QK0k+n /u6UMgPOuKg9H+wxPWIPZY0DTFfrPVPoCBstJEcRXO9GVxYUVmVVGNFxcSfHJq74 w32iPNHw0eO+owvhvMVzi/OBVwsvHtwCFd2fKe7VpEw56zyGbjF2J1hmCyCrYx91 2YHCgQKBgQDX8YpwF/kJeQaS1mq9llK/uzHhKMuikgWMXzwgEDR+TGioSBR76mC6 LibQBobZ1Dkbx3kqUMx3aR6yblHt51tuN4vVH2rYgwk5BCZEhIjJKNXLB4lut/5t rx7APRLbTA/51pd15YxVYVQ2OWS9sHe4ns9s+HtuhLkQlnJC7zRzbw==" - } - ] -} 
diff --git a/microsoft-365-dke/src/customer-key-store/published/customerkeystore b/microsoft-365-dke/src/customer-key-store/published/customerkeystore deleted file mode 100755 index 531b54f0ddbcd61b3fc5e06f5a2312e3cd145bfe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 90680 zcmce931C!3^7n)!5H2U)5kvxp6;vcaq6rX9fWQm}jU0++2q8cqgh*xp1tFNkWgKTg zSJ!J*R$X<~T~Ry`6~c`-=&A@Rc=s?McmaZ%@As>IZ>A^Yq2K>IvWqiS-CbQ>S63hJ z&HTcmp{)`UT=rip*99&@XJqFKO8?j8%DFODC*PIhYUj##rMtSiTBBAn{@L~Nt#9^c zW-Aop&;Cr&peqrdN%&W7l~=dQ2ShlZAFfm7zp+odcYdh=PtjoVP_{Z-~e6kMz?0)Re;;(!Yq`y?n=dGy)QqTT;&g#JawEMdh z?Kr+a`j=`|9BK9E#AiAcj6eHRbLDdNsjL`(UcWw-6M9!xRQYH3o}F`E@ALYdQ#1XX zzA|poXWd~Jk709{E&p_UC(kF~A4#+PsXGq2Pu%d|fj{o9%l0jF4c|WHsjFGmfPZX9 zSuRekO>uQQp>0a*x9@rCqAwcX z{l4p6+ur)(fvwk#J#~5LyJNPj>%Y0f37%G0lT<@Lw0-8Ghb%8LCYoT-*jJ75G zdu?0B--yAsRDYEN{eBK~#-aYPE%37jLT-tEjRT!`9Qs}CK<7F1nchOby&dqELSZfO z)6;=|fdilOp!Al;dlej|CHmbQ@b^0K<8|O?fdfC&9Oz^@^t;{xzsdoh(yrxko#Vjg z00%z%IOz8a2mB)r^iOc$vx7swXE@*|z>!;|_E>IrRIXgT81}E!lG? 
z2lhy4*ixp&^g`#zYKC~XAWi*dE2uR{*wy$a*%j(^SnIy%VtQwKT=K%gZ$#SZd$ z%Ypyb9On0+gWMK5&`EUQbFTxP>mBOf;V`Z?4t!qffS>9>-|N7CqXYg22Y-n;&>stY zOZM=s1N}A*bRKu8KOgZb)z#Uxc~ohf34I~>Q(gPU#^aS${~yip3xH2=fldSP$GJL2 z*Z+1W)xaO?a=To=R6O8#yIzB}qyKbkKv?S_9FEjqP_^93%K|GHcs0-uW2eRF=c zNd5M%$!F>MR(022i~i0JHGWKjE*WRh-)GUcx^+zv{4uT{Exb+V0n5MkWobG#-i7sO zwQur_^3n-hgl4)*yrV~yOemjGKB=O{S3YC(h{2W9tI9{0j;}0tl?$G*edV)>p4trMuM#Bq zoKUIP$t5L|rcJLZsqvN0@RgLfCRCPHPOmA)XU+A~@ZZu26K3FJdUbgfKG5Ct860Je zZ$jBwXOY5ru97P+9#zv1W2w%{Ea7l#d^4tBUpVrjQKjCpLKa^%swR8J#EPm3g~b<@ zO`8T(RVn|=f~>wQD1iWcCDSKHE1<}iUFN&Kx*RmJ&IR3B6%)#gZa80E`4zoZ0`pFXQ(eCdRe(n<_d*QzMD$AU`$I_r;?svTM+CQeh?9^)2yE zuPGS?ctXVt&;{x|lT;ZPBc%zY#r)94(=o*I(rMtPrhJCaTLx@a+2qn0CB7M@6}}p< zTsRWAbH|s~RFsuiwY{TDMrW23jykWT_@YtgmQ->O;OYFb>C>u9XOtICn?@F))Uw&7 zdMwgk-%OjGn(JXi)2Q?5Gb*flGs`9+g=_K2f;>Vq#f8FH|rj%Tj{xJQ`nR zc@z}NDju|DIye+GVTCy#Q6qNM9qLQ6hQCU9TKe5Hy{b;l7nu-u5 zUjoE53{iTl=tnm#EG`p0jPm7bU15|hQp+x@EH9l=2wK`;U^G5)LCPk|{888e0r-^+ zVDxCC$x+4&K1cat>YwhXhm_1Ht(sJB$qhQ~Cw^tCG%H6B15_)jCOOj<*DSQ`qeTIM zbk_OeniDH#h;79C=O`$;rlw+&h}d>!%?y~Mqlq1lM}(^?L3k>gjNy#F>|(?S6wEFi zUokU_o>pGvpH@OYhciu_F5$w8CK&mslJaTQzUxb7lvg7{O`lOZsoV-EzN~C>qz*=) zhj}jKK*5(xnmxOux_m~>^s3Uz3Xq+N2n`XRKdIb@4Map5NTQh^YYK)l!%yh?wlkk! 
zGIG>-@2Gwyqq0jzXTiJsX@5angAc)Grj{TsOt1_$>Kqi2R&PJsyDO?@f-A(X8I%0e z%By^qiXn`eS*6v8CkPD?AXxn4BR{eQSa*<>7X9?fnnJ{uE30PdAW@TxVPHCets_8L zI0^Q-(2kymbmX#wy%8#g^o@;M+lmq4Bu0a5N%`!u@@kpBw8*$XOv^sm8TjsCY6g; zBjr^yT{SgjrBy;1!(_WEyP?0Pvb?;S^~z>VV9+S{O(?IdnC6-|Yeof|57ldrez&Lu$kkvMI8ClC;n?i0>%% zh$nOm{^>H^TOv-#oc@R9u>7%n0oIT_PfN$Y;y+!F6V8sV^Q?1Dmj4TQyWHQY0xQwB zt_zIvo>)uS<;Pc4bmXbyaHE_{F}qy1PcqskxgN0kFGjsPZu=WpJH|B{?b+r8q1VAx zV!@hz8==o~O)t@)m+bn+>JJ~T!2DiNUVB%C)xP}TU4YxUW?AriPfx{)ueIxD3oe!N zWY=vL?CW(qxNGHF0+@fr*10anGz|a91OJv>QYxR6E4Egme~%mZ=#eo>ml}9;A7HtG z?-ixuay1(GTm!$!zz;X@n+^OG27ar7FEj8v4g6#SuMGTD1HaF}Pc!fb4g3NFpH{5p zL)lPv_FuYzx7X$@>uKQWZT4TLfw%V-Se9epq0s1GzJa%Go`oI*4+Tg6iVZvrJ^DA+ zz{A|5f8z|iWg=2G*}$86uQu?q82EGp-^0N7 zH1K~i@R*TB~r_4{_1JqFEZ+98u%gupJU)h82Eexf3bo082C#Je6fKq zHt=H&{G|qdoPi%{;3pgSQ3k%+z>hZYvkkny(WDD&4g6(B{e=epas$8Ez>hWXcN_RC z4g3-V&od|c?{NcvwT;B*QUiaDfnRRmuQl+E2EN3=Z!+-X4E$yTuPsj(ZZ+`Zjruzc z`~(B941BqP-)G<_8u)_-ev*NAS?4FrTPh5Eih-YE;8P8JrGZZ~@Kpvr-M~*b@I4KD zwSmtx@Yfmm90NbYz~>wI+YP+Oz}Fb~Vgv6p@M8_U-@uPE@G}kkWCK6Tz*igi*#>^L zfxq6s*Bba64E#a^KgYl?Ht=%|{M`orMgzaZz|S-Aj~n>;27al5uQl+?4g5_8zR|$f z8Td^GzTUul>UO7ig2~w#-CUlAMqjd8i$YJ`x)gpIe@)plP^GDd5C3&{&Br&wlDUU> zHsPerZbukvNmn>k;8uj0 zGKXCPA37Z{Q|0i!-+<`xJz=KE;hh5SBFv>#c(cHt6K1L$ZWMSMVW!C8r2@Z8n5l7i ziNLQDW=b4hEbtn_OohX>0iM_b1F0G+ZrkU&2g1!{Y=#lW;G> z#R7LHd?w+1fjbdqN*c}-_&CB$MZ@U=wg&k6S>+$iui!b~;8O9g(HFjLI%5`kYQ%+xZxSl~5;nNo&p1ztgz zsbsiX;AaUlg$$1q_zA+fgo_1!h%i&haK6Cz5@re+&J_4|!b}~*=>p$EIFE3uz&8J@`c9E@Jlr6kd;9Z27s)aWT{5j!~gc}9kMwqEt zc&Whe5@t#kULx@8gqezk7Yn?GFjKH_t-vb?GxZ8r3;Zl$rd;810zX0c3c|$#KSY?R zS2$nbdkHh;3TFy@J7K0;;dFs-A$$$tRDo|I%+xCE68HwfOsT^Aeir=`9!Gemz*7h_ zg$i#Lcs$|pgc}9El5iQ}r2>y6Jb~~Mfrk@j>J(lq@F2oWnZmUK_a{7waJ9gF33CDp zj}!Pz!WD#z1@2CG3gLW#I}x5rI8)%`2s330rwiPU@HE1y0=FW})G6!|_)t1vrcB{| z2SxvcnJR^M3cQOjQ>5@_fj=iagK(q3+XyrD2`?4+UBXOx!b=2xoiJ0K@M3}25N3)K zt_3{G6Y6qX4@}a59jX!hc!GJioeD5?;yNkUFV^)- zb^Ryo`n{UhKi8^1PS?-U^>482{|s~-{UobC-t+d>G9k3?`dBD 
z3(P>QzxjY3zplS)gFSxK&)VY+Y`NAG_}o+X<-X$4-i?jCc;wl*n)jPL8#lTR=DSoQ z+W$E59NRS9T@iJcKaGo5V?4bd$A_ox;4z-SSF>7OvvxUU!9?)KYgVzSX{RNh<%I0| zs}Clkz9+E8vwGKso`lVwEeHK*yh1mA7mYoE4Z8j3R{Pq#Er_Qs|FL7xQq6+{U9%y1 zB~S@JKn38nF0c4xRPdb^W#NP|t325KM*XJE*M#SwiMy*ST%$h=E-$!j6q47}5rMZo zfx{C#!K5BN$$MZ(MoQq^z^J6aMJYw0IjKc~rlPAy(EDG#b9RbGL3_u%y zJ7m47R~1}aP_kA%09)|}Hh6<=JfYdjGazroDcxMY-k!R~gJAR$04`tqm%vHWKKJUB zNSk0v=+dS@YQt;u+j>I%GSmYgUlcf?F2l?LlYzX)kl}*SWI26AU_(LRor1uB13xuq zJ^5t^Hk;t8FQp^k@^17{5hlqC%b%!!R?zZ$;Z8d1oHsxXsWB7zu-#q&LB z-CX`IaidK0=V6rTR~1~%abC058qhq{bQ;hq59p_=H$gnIOf}GS18ZY~>4&Dib1gdO z9fgit)2SyNSkGFM)4kBV?;MNBcVY%DOShdSav?{G5g(vSgA~5*#@C4xV@59WrnGYk z0&f=tK0H#?nGp5k?`Tn{dqSf#($r(58_K@j!ln|NqHY708khqO)IhjXf%j#kdjfma zh9A*@Rz(?+jpvDg4p2qx=0ps}-SWhR)JaCn$kHwO zY>|TQv4YcL*7r9u(o=Q)2|~UlhQ3XUErsX?wOXVH1r)-}gs15s8CBwSLceACixPXP zRTyPdiS|&>G>M%3`$TRqiP+Nl>O{j5z5(E5mX;-CQ{IsK9=f--gwOGH;$j^ga+>>B zCe*v^tvIDWOA?{%`z}qIq-_dvlCKw%m84r4T1N)m>MY<=L=nWo|yUE?KlXJ*wmF`&`PA9w>a6xcr zO77qkcf(p12Ir)D>gFq#yZ&>4BZ5OyU!{3?>t+-8Z{ThjmQZkuC!rpluPIoS08Gv% ze_#D=Wh;PLdlv6sli+Ts#rJ{d6uF1|=6)gR`~vq29Wtenr)fjZCf~>P@A}%+{(O#* z_g!B9n!oLPjw7A%~*CA@$aGG{5$qpjTlwZ}MGLl>4*$rVi+=sMkSG zCYbm>MMY0wb>zzBq#{(^m#8>{Om{cDhr$4etm|pTBQHjnwa3HZ<-6}(A9-6yKZ9zT z?#9&|z9z56z{kifo2G z=t}AbnDa(Vau|Ze0DLk<4a7<&uoeYLc7Zr+k~*CQAEmFZ{W-yZGG|9j_DO~WhN;Nt zl(n^o6Z~!6FEoZKT}_c8o*)Glyj*#LjO)Rn$`g3c(`&8AJ#4e;4(ki7Z`kASLJ`jQ zEa2*J{(LvSpzGRK`5*Ts5i=OLkA>^^AqF#rMBHCfv5i(=i;Wd4svicT#c=<*6!eOP z`yNpbcQ3k-1UUDov-dVN$;M8!bp9fiq^RRi5~)*f>|@ou6|cBl>XL8e`+xX-u>SrK zzn{?Y;&O_*pOlR8b~M|&f4}`T!pRPGB7`mZ zQ?crgT?qK|o!Xy^)tP`-tFH8J3pf-I`eTjMnu$m+S zCr9gaHtRH6btG&1VHdqa%>Mxk=iK8d7xnG3;2V^s0 zk6sBBp@BI+>GjKk-83_A;6QWhn+>$A0krj1K@<{g3xemX)d~RIGnBplb;I(epiV(> zmKfdx(JBv_Rfg#*Vs~>`C6xULmRl=0CwT%J)fv)_mEueR=aBg69pWU8!vbwz_@eC# zCYt=rq(bQ4n1s zp6$$pwM3i)1|XN+?T(O3fe1ckTLvHTa!CQ_j0F3rR#^}KQF}TKK__ZY*L@8@?8%R< zm}n&HggUl8UCb(>>>FM%jO7pqVCTbm;wfGBxBUYWT+K>RQ!tE0p+Jn~!?+q^EN9a+ 
z|A?{t0Ji?PvDBld-#3d|yP7uNW0b|(?f2Xmmg<9==xL}Olkr;~wGSXsi;Fp->5b%q$_DGJI^{$#m24Ev~ zhnw8>0}(G^iI{a6q$)GgvfjmFxG3} z{Q5oa`n~X85N$Q1qc@n8QJa(LuK$>*rnS;@QQ#X-V4Kt7sjina^h9V?Fb>2X0Z)l$6`90M|U<)e`*^0@eEc=sB zRLiucqFa(F$i-lc*q#>FC)mG|-RBd+<2gOpLizw~iFl$55E#=gHG{4|sj0i6R;<_R z+flT^c4Ehr6 zp+tP1&O;VQP$hM{DNB zB0)Ece1>K`>9m?nk!CIIzg;Q?y`wBfdPSF9;yR0xI3&tn-9?%|fo8OZd(nB(9I4lACM0@K+dOXWEdOIUp+McCp1hrUh5u(?}hT%7wU1>3yrvAGV z%`S>DIZB$1i#5C2qSs#v%3}qkRzWu@m=Y_Ps4k=l+FR!CMPFM?rm2bS?ZfyX+-8+} zl!v7^#g_)6rDwAA2D4PFV~sTyk4j;UWdi0si;WsJYzH-!_b9&)!1u_p5x2GQO^e{5 zVr}Fi{3l!oZ?n*LFv&|WRuUHia4<~0lJKYydxA^YVdqzu(Y^`5@3bFbwYOdBRkpXc z-B%r@z3kYgsg4|-z3py$;B2&W*RSX3v`x%(CgfgpKkG3{h5vG-JbIHKdk4RdGZ`(9 zRCVL0mOLWIM3N${qWcZ@{>Udy=`ngc03205sj4^WVa5FwtlT(nvGN=2`I(D*1V3zp zB3Q|$mb<J%g4F9`QzjIZ0kLi3Og z%u_C3$t@>gdvUlYba8^TuRT;Sw{z{9f7TxAQFEsIg*9IH!|Q6gMRM#z!`efA+z&R^ z9_sDBb8Xh1+C#bXyJl|ncXq#Utfy&p{k#5EjQt&A`>&V*2IQTLk+>UrG&MCb*=soX z8#o>kFQG}+`QVZAIrMQ<#E{PkXl7aI=3nFFV;;Y`7kwO+PbahwW80;fe8M2qTs{wq zcR^v+#_oKy%D?6O{QCXANuJQ<34!kx*Z!P8uXF9{f7bq-F$?lpZOLbBR6ak8e15j% z^KBh z>rvCw9$(kU6)lag7NZ-4(OnQ7-D++AcQ(o>yVf`QI?G5;6pm!L>V~1#Sd%%{R`CPe zb2#1Q?-rLBru#?O`_R#((6WHHQQIjXysW+B)NKfOPb0X$_85ZuwI5-j|Jrt->_Bcy z)(2A2z%}zIbY)8@O|1hZ2Aa9>K65|E{ldH9$7Qp!9unqAFLcdw!=6%Hv)k9sPfd2; z-nceP{xAL}>ve>sRTzm&9Rq5ZVceHDx{pnqxN$HxKafyvJ(NzH$L8DMw3Ww^C^!4R zSDPhP3~^JUU`tm+^r=Tfb<5oOOdR9tF>Da z%3J#=jv^Y>cVGd6+OMH60Ifnrm-+}I+~|6+)>Vt8|0@U5U0mjERD&SKiHq&?>;l=l zTE*QORtLqq^eGgZ`R zAf}oB{8Kb@Ic6VdW}}9@fV5^Vgm9vo>Av6A%;P}Y{)+wa_qpHgZ#5P>g?U>sQ9#wL zHNnR;!GovS1i#%%f=jfjxBO%iyj%#@Vz{_Z1nCBT5LcEZ^=j1?_TkCh>Th)wdzhtZ zJ_4G6mT2g2(H?F!dzc>W;U}QQK3bsv(uXGflk^CNX!=t${qv&q&o=41qxA2L(Z^j8 zPhg*173pAI6)DO{soy@kwa2}3Z6tTYkc>89eQrh@8Kkujwp#Ti8+8X0{Fk{`qDn*K z>^bfi-dMe}P2Fen+phMMt@eaGO`Zim^U=(jlMuoz>H|RC-vtM0sUn}t9u^JMcM<#=EYDFOOgytluuixdIyV0JXpy;B&XDagpt%!39HY9bGdFwy_mCd9g zGz+Xzn^8_%u3ML4Icj(hn}qU8ACf^YI#mYtyk>j>AU&{Is1-H4D}S(A-3hb=YEF?4 zlM(`MduY<&U&kNjcg3E-2^rqNPu@UN*7l-Mj}7Q$;$m;`LT}LTQuSzt`35(dJnC+E 
z#E>912llFIxM)}3=+7yr`>mrt*Bdq=JrNA4vmseeAdy$A zw7E_yG>>4b4m|3JsLAtUhOw32ZPxp=!_>05CjjnLY{@HqZ}Lj zcse(>xB*iwB)PxDv9R&Wc6cde``{V=rO;^Oyn zDR5Z)mUBjtr8eaoz6@Y=T{%A}SFw&qL8Ml_`JNc$m?a|h-^gSruZuR%eHt3Bq0a$n z9c)FLXqbI@pRI!e7=<82aT#-XdrUsp1Nz{{_2u($| z{%h5c%{bjgNIUTh*r&8x33f1du=%9pqRn@AldtMI6l(oHuMPV6lU=SD7uev-^j`>V z^LCT1Yq#?V-HUFpRGOl$04w3C0F_&uC+ciFEBkPm8`pptq4L{X_+;MRvk2GyAR2mF1ssP``Ufk; z9OyVO=g;;82dr#NKp;qj(hvkXko-5*B<~v$C$Ch04&;?)$ZH2o&uMs%(V|jR?{{G3 z_o=Tr%23|)`^C!BpbD*D=J3A%g#NvX-^c(f}o?OJsN#S<$T#u7_sF1 z$lF>%S3_lS`Ig+)?1{N1HdvS_BGoL&&@#_i6l?HY3h`ECD$S+7@J$p`>U|_wX~+Me z2L{R5rFvmiWJaEQ_HxmLi55cOZYV3smC8o)h&2(Q?A!;TlSL$q^v?)eSEI4Nzo%il zyZ!^A5c8A*7Ujf-0UJ+uH+;`pfvr#-FV5Jeo`Je9U*1bJ9Jwl*Yek9nQZOi1aDi3u z{kLo}ELJc$8qwT~Drs7fR+<_JQH8GoXp~l1r77w(mR=cOdVu1Qwl0<`0rQ63C#JIJ zgs7DAdOaYhZ9r*b*$jC_jb&NHHkMr2obsV8;%z3pt{8*wd}~16WI!#)!{aqW(;@#z z8)F;D4oV-uGNabF6@Zf)Sl0I^QREKwDOiio_hb2jXTk0i5YkysOpCbk;UYRzlcp~D zRnj1uVsL7TH+TU~z_!08*GC#Ybm8t4YZiqvGGhB3-UYu365BlPOFqGMCo6~2=T~G4 zneuQ0$+Mr0G(_ON-d>-~f0fxzGB7coaFv2Y{Wszs1$j1(N8sg2_lTbQ9#5|G#@>sJ z66@`}Z#BBJMxP8c690~Xv@#Q+{HQX&4%^DC1R9N(-YwNXWuOn`%?GK-YPA^b8}ie4 z=#Xy37^NqB;mJIEkhI|6kd`-i9)sK(P|e04Hznq{BuIXkq`jEkZ{! 
zC`AS}3qyC4o_%Tm-lNcKD`{1DBP}Z??kmjZSN(4DC)gbJJ|5bS?T_G0eFO}+rxyut zQ7Et1T{KRdzayx4aTKe*L~R=99W>4Z7!Zx~8}-&?G0v$p&K@umZ}5Z+T4s}4hTR8k znQc)!YMI>Xnti7@Z#S{5esG+;*R-v=fzhU!4Bv~Iruxb@%_^W#eYCD#j4tShX|$|R z-n)Xew_w73QEHFRzCYj%{2DV$1cPEPFPHPmsJs52R@j2Y##S#Tr1qgb6(|d_=c;J+ zIG-$n!{&HGL-3zKQbtkkukQMJ(mx_fQLx9G-=s@Ani9#jZ1pu@oDAdwX1J$pfO+(@ z_LrfVBAjTRxSl%pGYM9`m>%IXi>7Pqy(sq^{{x=7^(o%mz5drNzOnU#00(X$4oOw^ zs@-^U%o7yeCg7?;?icR*zoML}41!SJPtda`*!v{#80lv*oOTq3FC}4*nh5qHh0ISO zfAU+tj=V`mbi+v`$wbEm#baj&TVLo*Tg4{~*wOR_tOs#J7-RU@|AIGoqf33VmQ8pZ zkFkgH=F$us)nn3%AsZS<^W;W+ya(wtF`4W=hrLfg?_a-3f)@zE7kNFa6lY8Qud; z6MKqW1&Xb8&j8czh8x6Ac!)2<4ff>FuE3a5WN5vQm7&ee@I=m}WsGRp;~?0Rxf~w_ z%|$vcj*jOW|Lbw%5qXx-j=if#Nds9ap%_$sB1Nw`&5&w+wY>FFCOh4B*>KjYP z!jG*{z5m5gM#VXYZj_?Ba#S9GF?(#DzZjaA0kH$kSg#{kc)P2;3FS=jtr7a-s&?(7ZFf>oFM)Ht{;DpRawvCsNe^$Z% z4GI4C1ux)!QIqPiPj9VZdD;IbieW9Mh3>=zm=4H z9gutVB&p#@oZ`$qUCbS;m1y3e9);knNz^uiQJ@=5!N&k_in-PS$-^8Ptnn(iq_JP8 z?*`s|A3S;3fxU7yW~EG*4UL3|8ZL0o-&!L$EU}l?~6p zgj|$+z<07eUj)0VgResPxj&$5|2~pXgdxe=-5?d3pRUd*mGyf&BJabRA#y&yUH7d; zI(S;7y}du<33di4AD)7!ff+QZN<798*~M?~9w1{Es&C zVb2&?F{VPI|QZGdtKW#R?J=!=8jnycWaWi*g-Jt~kDQX>X!8DGy6H7@y zoC1E;Sr~rIT^D1OwiQFi?nsto4(?vK>g4V<8u!I|U7az`-D^TdwY%3-8MUb7?)6*- ztOuX3WGumF5w1eP z@u9PzTQm4wod}77p1s9?tI+eOV0}hz*Q#=q%l<6ygCS7h;e>h=@caaOwFW0LJtXh{ zG~GI0l1U`by_noFg#A(=gCDGC{EIK-vrO}{)tCf9%fd)4&p~Y@kx1q1RLh~Xhcl0E{#te1xS|42@8NTK7~b*SRx51 z980QNjQZi3RPs2HEn&3k!QnVf)VQpb{PXw47#2G!gpQXDaeUjzBXCg!=FH>xT`Tlx;grN_a#+Dbg0^V1 z6pgTwMb{W+-q}{$6t(k0#Dvw$lfXj#Yrb~cM9#_sGWmM;6U_q$*a4K?=$V$I}mcsx#bcx^q&$F4i}#OYHPDA`owCEkZ*aT z2PcHI>YFjZ$cvWcq&U}iFB$=JVVg8H5^cg4(0Wp!dmKP#Ef*t-;Ia3$k-^Q@e2;85 z4B=4#PWEI?S3hE{3q8)2niLK58TBb5y(xf;O{&GeM>Rz~K&mjW%RmPyz!2Q(#r~%b zX*jU?zY*0uxa*0n7DzRw7c0Ki$|4Ma&p-6Od8 zaJY{+$8ea!(qNYpK*bZfL!u%^$|O7&dRf&@8h@$=Qb~1r8SI*uX!0UR9n{VA-Yc5N z-#^sh!)V{E!%Z(59lik|CJF4EZ3ZX)_Eu!(maN(Yt-yZ1d%me@G4l~#eqXSgXZrtd zb&|?xP?wkX5oN(xvEwtyVjJw5D!8AeA*}+Je6P>Q=OafuFKoLGaUjL 
z1nc<#-w+?0KE%fWWV8qU9b#>K>D2RPw6hFrClnSntSDF2xw68@nAXB4CQ|I4C6sGKI2I6|8abV(R6s`|GBaddj5+fBBm*sKYxZ0 zqUQSx04VFrcWq@oi3VyYy8WLh3mujn+2KO7!ytg)QPx7}6Uut#Kk%1gFgHw?!`5Zq zF=VbSbct=rD!h7WKc;<^3uY1IJE4{*n4`|rU}p>LOt3C5QD|V}H}7?{85^F!I1$Wy zo&*lc_vDYZXaZpkZqwk{@JE2ht_4HsV2Jl^%vs12Tqsje;BNh~=_L9N`RZGWjG_$TA? z5%(8l`GPs?fO;0;#=ib)FJHdhj0C&0A$~5)2FS%CUXzKY*zcpBQ$mYN8(eIi{xrxx zuRf;z#2;w~&^WqA3Lb@$wMP1g<3bv68`LiOk|mI44=Zye8$DVtNAG(4Z}h=>B<@JP zExL3!JOK&SZ})KVJk+kGSJW*@}uSqkkMi7TyZ=cYCF z@%8rv@i0i}iUiMqvHNDVX03V0p%%BrMnA=f2NE8&At|K~zlKnGK*!)a5b-4T`rW_H zUeA3p&h9DrD`h=w-cGs(jUD9fUUUvq9g+QGpd9WBaAQ6*H{>rENU-C+x6@s>v|ZRC z4fl|SP(bl=`3}WVz5D>cp(p#Ge)Q(-uT@{koWZS23=;vZ;Ri0`B`==*hiY360L6aX%V+ zLLDC^jYcnM7>yx3toN+Ggppci)Vvtk>uUD;{T;vBQfgZ$hI-ye2vJWVL!hC1)pne1{?<9L{pw&O4Z{{1PPPt=Salf_<7+dM695e1jZOpUV#&V z6u&-$uU351H(~87V0qBfxi>;j`r_A1*cB01sg{v!)bHPkT?z|729kA6O*m!C-8i$O z6_6f=m?NoK?`jb5-%(lU5AQBOT*viCdw3*-PhQQMD1<>Cl(K z33a$1T_OaSoDf|?bQ9k7}Csc#q?B57w1(n|-aP>?84I;lw&msGEnWOnST>6OI(u4m_<7-U<}D2n*%yp1>RPw?|H=_kekv z4?uQuTWCceSRFCjFq}vc9@;K@4Ub$!Z^qzi(oWbk;aGk3Z&daKaV&yE;*N_qr6bl{ zicQSa=;mizs!RW$R2Jo~s7C0I=!sq8&fnyB-r@%2*dOeoCj)-_9 zazyvW=a7hfNA1R=5Rp4-sp<`CU+$B^@l9AEVD06FX$8NF1`TA1-k27{XisyVRAj=Kd{K zuY9MZ-tUY%Z%vceUA~V*y7_H&1V%iQJ_I)%+6y@xLLBDX%R(8rRf|ohZ&lgDcnyhr z^kXtl!b1YBCDM^>2at`+ zw^RK{AsP8_^EP%MdZ)!z>`Z0wdZ^o;a0&r98J|ozDeAB2h>E;OB3Mkmq2%odY_a$+ z%Z--rBV!t`o12JklW`aw!AfU``UGPGz~DLjcCa=AhMu=Ah$yI6W8%NO&#R2e_Gn|5~tnF{Vmy-~&lr%zI$<84Edy2D`Y?fqja`qpSlpR3*$no!CQ6r2au_J#Z?H zGWq5`7OhAFO0B;i{e~tGcWOq&9g9!iy26x{75!01;>4$F4r*e?leY{8)_4+L_l*e- zNlCBUnd~ph!lSS|R9orG_d0KF0zC6OCdqO|wX1x+F~vLJ##EfA!F2aL0HNK-`x*dt zo{Vd-f5oBSBjhsJC3Q81Llf1nT!RB3&&Dg)@I}88t0!Dydm}1YZ#l}Ona{RF-wLhW z4gV2R$$R2zVepgHAO;NMO-Ba#*e$eIGHO9UwT5n^Q~H3s$3V?ry)41>s=pFU>(&Ljd}Jd@KiKw@$TqIDYzgu%lEe?;#?^h94ojmYTxr~snRs{XGk@C zUA*Pn*V0o}1xtA?J=)H_DAV$bG<6Y6yU{NaV2d#3@CFQkpTFu)C}!5GKcJXFtkjZX zDo_yhiKzgb9Lrityd)Nvd}bUyQQ>@1OYEggM^oY82jf)uk#iB?Tz{fd`+D$RA8u7a z^SnBjR`7g6QSMK^lRN?3@8o6e@Hfz$6czHqHtz=N>t$Et9^m#@(|Hf@OMWmOL}XCT 
z_W-df-mm_I;Y3n-f0F)b-9OwIcfTxl|L~N1n}z#Kcf-fvXo&2);en-S8em!Y<>19Z z9qvWUQfcKq)j#forDECWGV>J)CEuz$(I>x#vfE6D|312#F^EqP?N#^6cibS_s}|ua z9v)2b449MZJCXN5uR%Lc-Qbjz$gw)VLIfke@OboU%%T5$g~6qWUL$u{zxCe?v5Snu z_rkT*I!K5obW{ix5jhPIFEZlLE@nm73Ymo*5_KpcCWs57pYVcck9?Hk=AV}z9C4&C z1>}5>F`cRjVg$G#8e5Oyg0Lv)8(t7yj|-v^|1RAdE<_?h*sEsWO<^^uRJgvSg8#mJ z6crR(!J?-+4V{Gx07mcorm_ny9<`?%=3I}7p&?Y2xqxE1D4ZlbMU__jCk+?00#rKHwQC7 ziL=|s(6ecOasG^@5N5>qC*ShbN3f5;dMI`ry77hzMJkxOtmXY2&dr&e5BJd+VJ#>d ztCuR+p+T8?5uHjw^TqUGOfguoNG)qct@{6swm%P(?z~jJJ)Ws%-UVFUP?&i~`V#iD z4yf^|F8ls?>>f5>gHgYh_KA*D)nB^lG~yYtSP3NhLbJR60ibw46}Pe{WMoF{6<_cr zXHk~3?;Q0JnBfaBYC(Z3a1Q-_FpaN#LqWR&_UZpqbPR6ppghM>=@Ec=VjgnyzI@cX zigNe58)k`v>RZwOv?8B%1A81|-`?fgvr-~>6p)_P#bv6IP&Cf7h6gU`sb&p562u848O~*U1uJrT9|Sy^uuY88r${jFfNqRD`<^ z(IaN;$e%cE-v+4?Xnu+M^A{PyUPh@7QpUV68o}p16jPr$_I+cgYw2>|_(U=hci(ug zKmNXPY(8jvN4z|)Ku^(p;3@!41Ge&ke_?bq*iyP6)P~co9?q@Yi@I3hDo0I6%kVJ_ zSJCyMz21_;r+80AHi6g~ELK>-y~a4X?{+et{I3_%&0uD&vX-49lW})CN=nv#mDow( zld%@0o+QwAr3IbF#pNmZkB5&zL1p!mc?v+QzhsA&46w3#xDY-0PmQybH2*-oXpCDb z^*}`@sWoadse#lZ&#AMaD85}}LI>zQ{(NN1^M)SY1K>o_(nB}u5h0NN8;$>g?=k1T zHwmwnYX{2;zx7uMk1=`M`-!;WaYSguqQZ)Smx0J%K%@|NX5JM_?5GyRxX+2_MT4DH zUorBH1smI-BiL}ij1}yX6=#7XPwuH1zHn$SoSx>nt(?NHti{C+dO>wLgE?`dW!YRo{<_DSITvx(#eOJ{QODp-!-DpK~x z7FJf|j{zIUNSYt_5cy0i&U92j9wu@S4w4J2wS~j0M&yqQg1k?nP|W!a3vV%NV{M64hsC zTt}G;-)rFBO)p^{bg6ufk-lf03anNafEtu>RXKJeXe{LL-oF569r|5CA8pt=1ml0>2*xLzMjo`8gddPTs~_Oki})Q<_YQ9tQcT zI!)w@tp!fV$7*5!T&8uCw&Hjy<*X3JEo&7tQXM{{M&wo4->4>75^2G8K2`5hFVrb% ztrsABwM8ps1-1%YYR9db7UCtdlg6Ez7B2oDP|HXQ{iHL@;!%aX`_UGMt&xw2kEP(- zmqOi_5o15k@ES4K5QFuU2=GN>;IO>ut}*{4W@?-dV^yQT6r5O=G=`o08I@hW%U+^o z%ERd+t!b-D3V4IfD!AM#7$XHOy!~;Y6qs*+G#2sagA8TaQ{4=4g}D=El%8dkrl`p* zJvF|xt5uq+hO;y^zVvvjG)VKWJ|sgZ>D>fgSw9 zgvf9Z+DGhHIojj;H;LH$c~2jOh`3Tu^{ZHD%x;o1+EjNWgS2g84h z86Or^uuEp+sCm(sx<%QJrY0<_I*Db=RM2tXztf?P)mU#7;W;bZCt|>)*wsmF6nzFf zMId?KhWh0Tl*D%B{|yrUt4Y&V%YDR@@%S75b3K2GT znwrAW{_&-GQi?||MzF9CAeBh-p;1RqvYvU$FrZ}sj%q+@Dgm^j24st?l0;-3kI`2h 
zg~%~-ruOPB1`Rtv^&|~@@9E5=(9nBN*MkNvBMYu;-Y@#V;mX7vn2Gd{Gc~a#E(lGm z9pLhnV&Z%dMb^aGq)Pv+>9$2Jy=>zt^F_e&BG%A?+6!F1d^Ga25o1617|up9!}EUw z(g^D+HaZDdNt3Q&-4m?3E_M*gzLvPw7H;>=f@^aPaETUftKeYFaxkl2`dX@-!)D1= zmFJ}jjDtKpZbb%LCtII@!8V`qap407+U)H~ucD@t)>mm)YL9_MmZ^0R3RYbl>Pzrp zd^MeBBIrb8(d45Ll~|OjURX#o0Fl_??CB(7N1`4_Az@AGH6TH5&H^{a`nC9$yPh2Iy2&OV8+6kQ$8^T?bDKkZuNE)07T zJ}7bz3gfOlH^c((?qE();Bz!_-*h(!BGNVCrVx_tzdz2H z+L$&X@R_b~#QwlJp1_$Nrs7o?(-i#UOTDTPtEb=}9-<6ZAs|n|zoAIptB^)b!M~wM zTdE+QDfl-O#~f9e_>O-=u@_X8gYWn^GzTxT&G*!;!M}|u{yRqm-eg{VuIB)*MI91V1#MGs$HBkLTetHd1aMKPGAY$pRm7J{dIGYk+~eiPFu-8%b@+(% z^>RBoGD7Bb$H%ELS2E7Ff@~vr+`!r&`Nsbm_eZ?BpZX&ZxwU7_j_l{uzpF#!2%O;! zOi#Hel(gH6Cq`p)oIDD}$HwEHqrDapLIq%3T+(h43;zaN*Zx-S_Ua*!Q+x0qL~%7n z>g-UxVVbO4{;Oq=qY7{Y8^C>l>=ln(-AW3IUB92c^Yt+>(}-7m26VcZ}3 zO=Z^e0n|Sg)Xl{MB(q^42UHi(kD;(_bU?KO${RebC^$!X6L!?iLDe+kzXwaeN7|3T z#-|#Q@J&(RixIiM_%h=5mvAJHm$5twSuRZUHm$>LqY-#>LRinFDcmrUL=!{0{TDs7 zTddEU@M+)YmL2A}jmY|pT8^f~+ zVlv@=*k>5Np&(7sk6$?DVHbOphk;&h&}=P(s&GF-zpoGP=tB9547eM_+!J(p!rmUE zn7e=v%SDj3@LhN7#zFz16W_x})^^mqb_=#n{>)4r7y{$fEWpDczwu0gG1+c98MZ<+Sp*!)8n!FJ{T*j`8SQy+B)5G@P>!GknJE z!H8!Ic8`VKcmwaqBV$MW&PRPlF^X||R`Cc7&3e|cr+VWi3Uw|Yq{Yu3tWoW20mCAC zu1toARHbmqce(nium?rCUmqQo|5Wu0oAX6-c{?trFl9o0UH!C)RDBu69QSf43Rf=c zUt~Hi3!MN$N+k>Ts*6Bi8J~g2Z4LH66_vw_SQAVYGY`n;F6@u&2W^YP0AInBKI`x2W`I0YRLfO?<8Psyrzl4+!&whA3#yA^8wkAk)C@Zc) z&@SRbckYHaK^6&xyZ#`^F*KzY1$cOk$2BwMg$VrFg?zk_=oECb*v?KcnxepW>XUh3 z8@A=H|Cvldt{%$hYmTc}y#q_(8%JN~FOSd+&3MsljuMK4wj)h zM0)-jM+DM}c(b-s__pNFcnAs0q&VNBZMhrx+?BW=Ez#IbX0OMg8%-wD67tS}Acc6$ zTA+On086&z5L0wL8h!?lRlbJhEpLyz7hQ*uiMgo`(53!)554XSO0yPzY+;5JI9%d* z65*NjJn9ulI{bHl(Og~&b5Yo;lBw=tm2GAf_oBCP#-bUT!_rj%RTi{?Umi$_w3b)l zx52z%`~sgXlsA?bdDUA090skInZ>Fz=$pC;n(afs-+ntS6i)hA=vm&^(WW-153WaB z_q%xi6QM-ai)}HM!RgzuPjUKPqYS5attXn>h!VVXzQyaK{P|LuZTA!I(O;pMEzb3B39RsIG?mG0hjL9G_+UCBkq7QB z_p4K7(aH^ZHJ%khd4=d(wHAR$ltj(FYUYhBm!yl5AY^ zL6gDFnv@C2z3MO)l5&j{eeD`aX{)=}!jO(p&tUwRFWe0sAXi;QUipuWQtUX%?~$r5 
zpvusDlZ*~g094j$DkDLKhJ$RdSjC1Fyn(D|e}qbcRJ-01#G6sXM?^59=wBE>x)ts2 zKVTNRIa!Kv)*s6Ir|#^lHDDRn?72wdQcB%{;i0BHkxr&w)b(CPJsJjl53<{#rcuYj zq>jt~z8{e%GcNK_aqMbZW zvP9i1%E9xXKcF#Y-50FS|HxSIjZ}=JQQ5*L*8|?Nv7ei=5;HH9`=pvl{DiTj5$FekdUsU5JP~jE0E2 zKtFigA`&|v!1Y1xVDVQ#wS&n{x|Jq%pN*bzf9gIb2TNcDJTF#^e*P(JixA*o_`OiE zQgJX5LpJ%Ob;TU4uZ&EZz`^jm2;^z`q%>(IL))S5C0@)qls651!NJaN6bCCtr{Z8; zogM5Iv~KQTLo}7|R*~=#4tC}&@{v9J65GK7uM1*0T4|4)O+?EMHbT0y9c(+q(@l3) zkIo_c+Rr)WM ziC$bzXR3!UMYkQ$ZFqCc=h~ySlg~Y=eeMeAIr5-7PV}`=4c`Y2VZei|&;Ifm=W~zU zWBA;^066tv`P>1D947EI#@lQ?s^>R6h;ad&qe<$C$@G=_fFUQDj@GCxG!#&&02cLE zwxO8mKk_&c68LmfI5L6%5@J<9p;|=I-;Z1`oZ_cS^1i+p^>p&t(8IHu_MJOpJS40 ze#YE-dGSyP3dVDa8UcRla*p+PWKF6yf8lyQ)EJ$XtzTS-u1{M&pG3FEqT3axQe**+ zF_`@MU2uHkPEJSiMaxubk1#7&Lu3}1BrWJk+9V%C(<86rEXD8q81J{a4V9ei!n%&L z1Coy{S9e=#H|Ci_G>%5~VMn24S=gP_Aw)#~j9Wj;`b=IwkxH?f=eG43sl*vMhr5Q7 z>AmT1l+1brI_!49GCGg2CG+-fk<5v)L;W3UIJggg1i^X&XX9QiR_n9re)@eutYeW?CgBEXbUnd3K zUxH`oQ?b*cDgOKib!1uvF-86wMcY3s%S7Q36v?|$)s-}&*l$}!x9eMhz7N0LA{RuG zq_dXanRBx4Y$Q9w`#3f#PlU3Ji+Io9Vc6q~0Guq_vd3f)qdmR~dB)kJgMS8-M}es6 zjx#T^jqZwFVsx?H>dELW4Cy>zcb9@?gXpmqQUA*;&xrQ)3wdHs z!*owE`ZI7!+l=dj^a^DTSiw{?gEjJ{hP%EFON97ZW2Bb5p+ZWo#_yU#k4vP-r!p2& z4{W|7h2Ic`hEfSQ60G(lUV+OVSO9%Pi6af(p{|4)!e6su=8h(WxLQcO{a+Ha95+ZY@b=#?FvwP)cPv{jra!laW>cgq>)Dkzcs(Bp~ zZ~lKuig5ud{5pDx`IEc_a|%VC!{@iP`<>5mV{c$2;|YF4WVUMMzPSYb=|^}ru4c@( zo(FkDG=~Q&xJ!7kC?U2{HE&Tm#``%&jX6p7BMSC!Oz=y8*x$1I+ekIX_1DgQ^WnDW z4}!o}qS@b7BGcX(piCu>W49k#a_%Yl2`_%qByr_y;$looL(&gEo`7G!B`L!|Ji(_d zJ>rUMB|59U5h`@MUnm?LIX#-c(V7=Rocbew-4oS8fYra04@Y3}_?Iwpq} zHoO){fy0K^CrlZjyEOF%G#uvkl`-x0g}8O;zgc=ZKs$b#BidgtCf~|k|0f}*-AR2! 
z1BY}^H|xS+k{C9E&q*6Nky;Hc$g4~-)5z|u58g2sjYVhe3sVlrmop;s;3>~y>XB-4 z%~*}8Act0~acU^L1ei{)i&Yy65Fqq}tx}b8$f(>?{Vc&EW;EUqjiv)54a^TDWJma1 z!JcGc$644ef=y>Ogt~BBsoMrv*(OBbJbWvuoo3a5lS_@S1l!ZX=2+Nw1l!lbB34M< zmjpXdu-ShHU^|;yM7xFOErfT5z4TtjH;SS~7oE%S^PD)M>NlCSBsAnJD2|~4TS<@8 zNJH754CaRjj3H{4$S?bQ3oAQ5lU1phC9eC(ix;c_faguGCmtca3%wd=ig+tStng}G z=;uwv=PY`~a=Narlh_iw^|U%j$vtjKL;Kc%ye9?wB(ZRf8!gX8U)ET_c2YI0iUXom zO%DNT?BwbtyTrov@~Z!km?Q@GOvP(1+AyJLfNGj$55j+>s<}s zL&3#X!MJF_U>1O>$@cadC>3Q)#wxP{96>zgEFBkDIu4~5NvXRbKuyGIWUscShE#pG z@C1@)-Y|jpCqvl}#TD})<$Kscq^rR~_Pn?{Y6}g8B=9giZ_n`M5lm}#Q8185Ds!3* z>V}DWAh)Zf5pnX>2e-f#OOZ}D^Jkn&&HKM87u#6VLJI+7FYfh zAR`dpC2`eq;ck-@Yx`R=&#uVUpd>+=0^<$Gi0_vv!JGBKtF zIeXLn&(Y=lDfd`;B15Mxze<;%5LezYRz5(N4~Z-1&yrZ}JL~d6apeO58Cu-(GsJ?nR9o2AbX)G|C7tzEuxFELA#`=<79hyT{V0*Bk9 ziwfu(Q8bNXJi^xHC&t^=s*OYxrvAu4Q3 z{4ECo|8x}L`%PK+ezN{Pli%CpySj|EFU5btryyqu^UT>=pkpqS;C2Fr<{NAY;3OGm z%d7pa)cj;M0c0b`bG3ivc65x-k@6`ETzjrtRSzSme>i5{uL9w;@}I8>lix^91c&u; zq}|q#$7H9=#MX_3i7D!UX7^h|%b z=>3%pndzT^z{0aIhDbh#Hb;iGQLX(*tL0_+TpNDJ8ge_-WW5IKbB*I|8;0^r21$h@a22D@yZY1vfcO-B1Q0FK&zoJzIY+tYBZ+5V>AZ@(EA1lYfwj^>-~ z2mN0A$!f9HzS`p7Wwvki`|XRRefCQWs3*OiR8K)Wc8V+d40HOoY-60&(Oqca%d(vB z9so{)!j`f%FMU~}$7;)Jv`ON!KSbgm7707QIo2d`{2wB5twq94hTg6o(PH=*O zjIM+AuKHW0g}iN_wAQKv7^Z#xk6gFze5}lmL5aEm7PBn!i43vG zBnp}Q7@2`q!LA!g|LR!5ScA?y(!uG%c~>JwUkAV_yPAW*?nftz5J zm9v->&X-n(8s%4v#=Px*kpk4I_3ARC#rAaImL1mYVk4mx`=*$SiC5#uQdf zre40z))}WQdy_mqc!*!FuEv!4(A9#Y8+d#SdVp7fqAiy|1f);%Kzdq{a#$=ZRNL@* zg|>8jj~!n9R$N2!(qg=P&buunA9zFMZwB6p$Ukk_S6}0O1va!VQ5Sf6n+5OIdV8S4aWHl)>`Mm!VEb%1jumKCw;xB<_o*t^*+*|c)m@_MeP?7HjY#ZGZ0|jeCOxq|bfqfv1FBl2{J8Y?Ggt1GmX0p_;8ZMW zj_;2t1LOQLg$|`Zv|X#V80|@}5*;oJ&?9vFDOokE2Pu zX`A2pIg1s;Wtyq&2(DRr#gR!0Wym78H5)p?>!8_=Z`8@ zekjkZ>u*Ro2=>aA|Bdk(J;8+KQEL;c-LMc!~ROB`aSp$6fKkm364e84vMZ&kdWLE!FG+UYgVy z$}CyxCbgbj9Hi z4(c*=T>0+SQQW8M487y)CQ4o|PlrVqmM3kh!~_ci_b-t6R;y%1*=d=Fo^?KxN_yEj z1b4%)CSLXX0GRX4QXlV0ocZ7<8ubGsxYIxSu^bh!#caU2&V4iB9t3PLx-{PX|70_s 
zxRh9efHbd5VMN-pddvs#G3Wm3hfo(m2_7mqeIx4uuMHe^cEPwOlMcSi;d<5iDM(`; zFoz!8>2k`SM@Fk~#oHw*&&dttb2vy9@)s|$?k-e1fA=#4wWKL_p8pHQ(5FH}u~Ula z8$L4Eai`?Ldxf1v<5Z#*NTf?~z!^tBAw@28N}Wz*^uf`p)Va?24+>$0c0;byR|pVy z#(yqWUBR}RTd@-N@%e-|AE@A{UwyJ=t$=5|+xz`n*?0e%gT9(~Tm%9rRdChQ2u+zR z9W0l58FxGR%ucJV%5vb(umag=Dw-in7}y6Y^2GRm4R1SOCgA*fuPXJu3=NQF;}sJL ze7tn&u0fQ+_j0e0GCh^83Yq@T=%g*D6m3ZO^h}nM&u*`C^v^Ir3RT@Uxqw3Wn3{a* zd?jXw`j$ziv!8B+iDrKzKgKxd6z6mNRMByPP}hT6x#}$LA{SR7O<@(TP=KN;F=_Oe z;Sw)DmTD^Mr?5JO%~4f2LohtQ$FCJSZ@sCgxU&f{PX8?h5mrFx~^644?%66psGh{EhHuW$J?i-ExQ7xmWQ2Zu^IC% z7-;V-+CNMR+i^Dn`5_$|eV_n$XT7k%r~OsT{AYxW+AhYAG-Ho2=5;aZG~*dE(mFWF z@R$dm2j-jPvJ+*k=Q`h_eh-cW>f`2XZlSY}+=21jv%Xeo3!N9pJ(;MowM6B-GcM=f z0n_}86#s=d{xepyD`qJ*!-mGw9 zI>K{BQ+=1F%;RbL0p*}6%c-3V^F|O=#Wj7( zzl2%b+q#PT3J5(EcgX@()U%-LP(Ujx)}6skqUiQ6!clY^~Z2B%GSEYaq z(1`K9S>FdnSFqAo=40gbFFmlWOuD>~_lGR$T{qm0Ns#)j>A8I6s|5lQR&zN>Vmy1_ zDLsN*WL$lhLm$2_g)eSl=Uv{jT_%-{UnAy=SDBc^%~)Vt2e(p*Y7N!EyZtQYIAM(U z`rbq4cg!yq#>6g0sjsE)*XH5-*Ow#e-vsL8zT zrbwU(MLifUZ{embE0KYS@0eYp=WJ-X?1i&1#Z`^X#QFAXZ3FO${#_Y*}su z3z>t82`XOOY~@Fr;E=y!7KBOa*Ko-}8KqDT6b2JV$Klcsv49o9r_QOE#mcX`;D?Cd zLnIlq4ixM%_Gd`(O+QSP+nneRNricIFy^ez3wIkUAt9|XT}=7AX9~K=Rk?Ty2-cKA z8C3seE!tl{tPr%3zmxU!=uE|(%Ibp$VW#NYF`q?yQ5SfYramInzcFSYJ5^KH3-v#R z+Qi2S_&^!H<9IcKyA3>i?(Zf7I^es0j~WY^qt1&JFg10ZJa+_h_Jc?>Eln zJE3T5pE^%X@UO(M7t#(h(v}5bI6rS?UdB!Q%;w=n8*Qwc&(gdtjBY+l^Lt^;?P_D@ z#^Qs*=;6lV>w1VTbUvNPCKNwJ@A9~Bko((s?%jIIk?A~1?yW$54fi&Wdk48U6IK03 zh8Wb%Q&?X$u+TYOMHuSoQvtqqhi6bRl|B(~(0^-grgJg59{_dUK~?GZS4}7`LpEt0 z(y=ImmP)?e-jYmPD;*yqqtJN`ReA6isJ?@D^WOpd)0$0F90o=BH3QSo(E`try!tRq zRbFRHUfmS_+j%T}509X|guK|m3Y`iXu^p)Ank8!$CkLEEOAk%gHkpQUC-kOubWnk^ z;10>C+tMzXE3Mf1pd6~Iq3Ft)otOdgB$m3N3x>vXd$)D7?qp}tQW zAZr@yH}%wTr>2_5dO)b^sTqG`orA{uNAS>C_Yk1>X*1u$?diwk&tq?V77KH_`W|jM zyr|mit{&QJN-4*NFPu$?8||xdyIdIEjCZ4ivA8RcTfN#!TbriW7;Vn=WvELl zevNUm$NdqxUv@Q{KZj^WH@WQ;Mh~OwD%}jzomA?(9;nZj5|4Wr^q9DF34_-nYBL#Id7`A6$pMGqpJqmxV+`C)>)K) 
zp^P`*-U>Sqj;5hBBT4JIzRf5som;PvRjhwQcBW|VzWKbMn$Knw_|SIG%}ef9P}qOjWlYM~U9q{1$TzsSmUdb^i_D zfB38dgA!gwIggbyx`cJK@`Z|(?>bw5FI9u_8NUTmG+HWe^z{(K$eq91+!geHjiY{D z5ARcSj(!pS0qY*+uST`!OMq}o1L1KeLXFjeJBn>iabz4m`;m+a6LGw-4BuGJbhr=? z&0Yvzrs4gb9L3HTcB}~VKfbPCG+$Nt4YwH0Y6@{fEh;=auEI0%vMk@x=FfLw^2j}l zcTiN6arX+i93N?xH&&)0WlvS~I4e8d*@TUTLk~Dtv8HejUi;e77q5HmEkQO|{UMEzawD({L3fNWlY^f7>aw zd>!AeYT!St8JgH(Uq4`$la2O|jp^$IldmpdJ8BjT!rM|#`pqy5H=A0?#X63Uy6-(j zY0h$bE#Z8SkI&yPxfR`|y!sPX2@^QGzlS09_1>2C%(8Z?olO;H7X9^nasG6O9sG>U zJIL%TI!PrTNBZ5M`!YSSL8)w@4Ovd14kwr-^Tri(;c&B)bSn@Hju)Qf-!RGq#_^iSC117c9!)IGNU!?!iI`${|3~q1= zw83+g!MErPjKOc$FoP6kfU3yiKje*v>qVRm$ac;+=(^7=g=?sOPA{b%Qd}_H`JBpi z6?4Tdb0*sL<#3<#12ELvY-t^G>ldYJ;nD`3E;m|NmGbS7inOwKs#XODG*p63LRDJX zJ{Az_i~6Z*7|=nVs2UrjNT+KON>S8bk-lB3q#8iFSdk71N!fG(NX{eZWf)EOqepS( zbmB(@%Lbt2{K$xl?_(pr`aY3_4OzTZ@^Xp$cA0#1r2-$3MAz}|q?P;JH}O58fk+4W z*10!*wE;e9oyBz1>9cg%LA~RjSSLlhRBU}gOFN71KT9I*ptc*GYSBsO2y+>3nFyGd32$HeJEW&il^@;R_~=Ha(xfYRic0<`Q%}y_OyUdwF>~mQTO_u+_HX(N zb&aN?DM-^hO{knZQ^Q{wkD#^=^Yz#r1KJ^i7ZMQj z=(u}YP2G=lJ$0;4sAhL~EIjt0?%yLKU(_{wFke2rN*LYD!HR{^!yN21J*UfZZbdE! 
zzePXlO%Br5p5$?x$UPd*{RXJAa5A}{5LJWFYqL?Pw2pSm*LfYfUNg5U=1pO zHP?1($>n0t$Gzw8CT$tHokW!yaPUiCg~Pd0_d~h8D zg|i;%51n;L%s?-k<$QqV%AaG>c9{<1<5@ntJ^|80>6Kl!bE&q=bS01a(?9lI>1R1# z7pQWXPN#|K%{09EIO%2Ed9L#;(tFcz(?<>V8!_ZKN@PZd_lIZ%W^^MEv0Pmp^Zl}F ztmrYVbLIO7&Qt9&3Bzw<7JYs;Ltym4OoB592{?@aL&t5`<1NEw?u{ey?X960Tgp~` zQ?>H51pTrQ3Ush%bKpfBCUBxeOk+o zvd>D=mS9%Zr34=pOmFRrxp=0zh3ND}ePb7b-{ec@gkW&xs>|?>P3&y_{A0zc3!REQ ztl!6c1&_8K<^y1bz`g95GKDE8R<4?88vDYTzNl*ha@?p(adx2y)chB``A5wuEEu;8 z7N8-Nn9a1E53_}oEO<*Es$F?}(Eab?vlO2I zn`3@h>BV(jA@kXb^zz4imNo^KcuxoYr0>WcYUK>IY6H>6x|(P#(%3w2?AT~)EiSDI zfySoRNXTx9gzG}lC|Gu&rKPE{E)Z)BH`}$X&B3P7IJ+ebUTsszu5ZM@x^N`Y+CqUG ztFn1vps6uvPXMF5ITl%L2Sc$?T`UyLu}0=jj|F0_(b8}*g5X z!BE6r7>Yz`VqJJa3yiI8Y-)@xw(A-~b=TVUC{-wERgRcqM?)cnvy_V(V-1bXcB~w7HW<~?Qp$_9_tVk8>*R$Xl)2J+lwNNl342r1;tg-c*zJ% z?=A=B<{WEkAl6_vg_`F9gqrKZBFsc~ZD?^A8%?oAVY_y5EEJ6sZH(GK2}QzoIAX`b zVY?~ZJkOdILR~PgX`$x8f{;CXU~~?+3IBY2sP9 z0r@Z@A`2RuLoiJT78Uwj9$HWv3I>hSzC*K(@-~NKsM^?YI{>c)#I|f!0fIAt7_ftl z5d>ivrq`K5)q;mINMtfvqqdjpF>w(@s5CXf>&8e`5OJcX+8WqqRfiU|gd=p3N48s| zN?Mmshnfxu8c#LWqFSGa#NpDmBnx^+2b5K=15<~36MTtqSd4;)5yuhJa^Z>Ea74v# zYb1jBHKt25WfN0Yp}j0<^q8PA+o)8N=QA3S z7O!N!dRKw3ZSeUc5?X-#?3m|W&o`>Ys-het)l~wNCVjESDL1gr9(c9I0LU5`9im4Y8v_dpge>YBY8bB8yilxe zQ7~(WFRq)y=*tI2hpRq!EE7zPgwgj&%&;#D`YQ~84ZFdGmTYuNkMOf9Ldh?kpKHDx^HuBw?9!yJigEsirZ4`3f33=cky*NVkUpoPm@R zU!Jn^2_@($z4A+0MzlsFBccs~NJu+RIWip0j)a;*>?Fjo7y}yuF^`6kVLClmSyqI& z3)&T^^KwidBQ24}XvnT&zhh5FkcBvb5E+LDda9yoM%c4Sdov}F!11s$84JtmM{Pn`YD_bgFw zK^gp$gYK}Fv%C5>8I-1lqT!~6?1S1O(nxZ0Of7_(7dA%1%?mi4SQv;ja@>SI8K-RY z1-i%eYRROV*A%V|G?@xlYY7vBswsDyxCDJE;#KvIcDSyNGnwFUnS}>K^?}x=n9=EF zi3wjbM>te`iN&rd5}Jo`6~5<`KhapIvS(Y}=b2+OU?ZU)x1vW3BCJ$L zjDagIxTHnre6NxV1$0jM3t(E>RF4s?S=r)WPO%_}52GyFAaN=~zu3ZASG+E7u*=5q z8)^=+9(>D@;hs1A<*!!}Z}NF6PwCBpgzsi+IG+5n8hVb!tuE7=yWPXklZxHQKZo z)sIzRT*as<-!#3%s&7N>NnA&|Mjti5Dh)SB8<8vLVGMaQj}Qe2{qF5mQP{1$y0S4P zUu=|RH)GJ033FXTBRV6ME^3wO#j)Llg$Vkq|I_^cv4}L$q*vN?d4bx(`udT1myF5{ 
z6$XN1a`P_<2J^<`7ZlXy)nVqBa9olf8a-xI-KhFNUSVD^Kae-3Aor4y`E`L%eQsTT z{V3EwA|3rxU29Bw1U)X-N+ltF0``JHb6_6or>v@qJ-d<(saAzGr7Uc*ae#GbV|1(x z5fW7XWS%x@T5-AQ6kRhQUDbAdD^_hXztL-V=|N;Ih9SQaeYGkjYMs^A? zLfAESb(sB^Dv;0V!|lc4R=YWb5Jvc#$w&Z{Md+?{kHHNh&uOX}x@(_arA1p?uvrj; z7t#6~vA#uyc2Gwww~Bf$_DG3}<7zj(5QldtAxqx$f7v?zq@>cb;rn z+W<4LZ@eGy8o-SHuKOrp8Q?vqVviW`Rlv=F)u%xYF!+7Q4S+muVw3^)!##%>V8%I? zwGr@D=wCk&Hz4pdM%f^&;Q+S{cHPZ{LtJ+c;V{?%xDzm=5A4APY#HEsz-s_E1I7Ti z0j>tz3Ah<>58$(a)!6j?7;rPTd^1pvJ-8KfDa&&i(g6-ALpcEXJkegjYQQ6a8Rf1! z9OYXN7z5k`xEgR9p1|A*m^=~kfI+|`fI9*E;#rtIc&2bT;QC6~2bhn?rq>e(d=zjq zo*Ul-xCgH@WZ*fHvMI0!aOV~97hv*q_!BUHCgcD!u5{gG_;u%O$N`qkfj#th4g5m= zb6s~E>45tI_Xi-~7kChM0PYFlUIFn2*S#LF8gM<}eti6F8({2OjA$e zy$$kdC>LNEVE$sH1FZfD>JKmo_$*-Zbw~%8aRbVQI~+%FZ|qXQolD^d!VcsE7{jw$ zuM%I0`T*Py*!Ogl15W_v0}fb)xCC6^2|p0O4fO#S{3*&07`p>@kq>wT<=G6_7j|v~ zycBRJU^U<#zzoFoe!$^?vAduTa5La~!0NjZALIjm49NHPlFxu1z~O+&KSw<@E7@juL9=(66pZT z0F%#z{)gaa!2OTFe!wHYg5L-qg}s1f&mkS)X2AV`I|082%-@0b%A1OS`GD1cRe(Xj zAYk%Ku$yof$_tnQxR>x{iM+ zmE?Hx#xs9lTj!~Kl^*JuLnIBbaYdme$v;2p4E-~qoCW}(078KnLwwV_kf-bdJJVs zJ`b9e-{DW#IWcu>@1-ZLR^C_j^eW`%4s+e9lt0^(M?FnU-PBuE6#aJuax1c3H#=T$ zoLoNS`hmX=ynn9yt+@PsUoJUM!Ld6#6dFBxjm$t z8<$Mt{#B%Fxzu%$op&I$wIB4S&UM|vq{4=!z)Alaa4O`_BV8Yi=M2>AEYN>Xnis38 z{7jb*{#^_nbxbkZy$$K^LOQ?Q z13+I5`aaN8U{rFQm%sEg#k!xN9Miut9{ncDk-SLBb=&?i&uW>0c8)aG#MFH(Hq#$L z`lm{DKc(}L^toOA2j%)9y;bhI5!y4)mrrq*Ts}lPAUA6weoI696@8=X^OPSZrtUb_ z5ln~QUa;m?xNZ*WF?lKUAL~Q*e*WgA`Y+~px$FJ~I^xoF6Q|5)Kjc#|PuqfWC;zgC ze7b4J{V>mLpX$1N(?0qA9?~V)N554g-78n%UIqR3C*`-q@q%%{`Rt~%k8Rg`KyRx) zwjbcUH&LE(y%Y3Vkl#o<-&1ySWMXX7p8epzgE+XF_I#oEQs1aYGZ0Zv6~@W*S+2X5 z^@!Mq%*52gNmAKtAH%_Kzshw()YBU!@V5`taxY&4VfpTX{0_`>Wqbh6gZXR&{VCA9 z%ZL0u;AhQo-J83ygL*lizw1Y?i|LzpFkN4Coa;dEPA}7O{%_62L-qp8!Zv(x* zrkj3*>mq&w5YwPId9EKSFt3o!8|a}t{agilJLJrs3e`x>a&3cLMaXsAsMV9{ z8lSnIdI3TebjpIoiSX{b9&WAi>u!???J9^j9&Eli&8zdwm7PrTj?W z4!KFmTJG5PJ27?LMR5TytgMNAy^uwU@t47lQDxGNF@RJ_sDaZ7))~No@_(RQ4 zbSDiN+IJ21Y1Tn*936k!2Zkv>Phee 
z^>l#$6!^?1`H!BSxcZ@?z(dUy7O0GtPG05M|1NIrrVEng`~6J_$l+ z9=Q*dg?%H&XY$V#U-d__&fH=97R1z-5BU|?FG`_4#*x=X=N$3BwZU!-$iEu|ZJ6X+J`{y1lO%0T}T`D{vtEnIhZSDyA>aphsX zbKh?6W3Kxpu9F8Nor(?5Mv$d^`yp5Oxa*?$-oftR@m$FOR;bHApQPc$hYjq=T;%FWo4|N+SN_Tc#;g4t#}>r2eCNc zb+aCXsFja@vrdh#H~OXu^c`A4Vf1lg=WZ;zJbWmuDq~X8YH3Ry!UyBTd7b|f- z!Nj|8K4!FdvSUG&gBMLW*HB~&&PR?f%h8%&%dYR$`!=a@dRGo!uq^AifMOOa zaLRE6|Jj?ZAtxEiXsjHaK*+h396I?Iif&myfO2Z%T`Ox65aut(ZXm3nVsbtLGE32s z25w?+{rSoG7XyMFdh1LgoRd=9IYhQs-322B&OE0z&o+wB1%-vdff%7nB|h zS6TD{E3Q8gMi}e&FVu50PWodYId_0^5#U~Ow&S1Y4^|ERA)L2?Yy={QyK&h~?Z{pB zU918_=EXTUH&O32oXqhaA`5Xc$Da}DzHmWh9KWOylRESwz>|h>X zO(t>;PL}U`MCRih$qOE;{nX)#xoji(=Qz2vkl~ecW2WTZjdeQy-3cfMM+`Q2;qc$D zG{dvU29f?AMQ08JGTulm0CEzLOUQ`;`OI)Uf9DwrFNWdVNy3kCKEVqfB6~hAXyBdD zB693+s)$^I^VoLDlF7k~9Gp)QtH${VFL)@QQ1MwfH&YiK$Y_z__8wd?)>)r2G6VtT zpnsXaaQN?T&4A7?O#3Y}G+wZD*U<|M8Ai%tB5&hl*p4K!A17<_Q)Xx3AA^HGvv|Ao4?; zH0(MeOK{Rdi;3KUlbl6FcHqpyDGD51^e2^viB*oSjJR89`jt2{a4sRT4Cl2taq|?* zR-7O3f`>_4fNNSLJr#qUK_E%i_iyC|57V#k zx|IKT@PacRS+l-_3+B3#<`hFObKOAXav-e7jYMt);sVNX11PK$QNV=fgDZ!-@o~h% z-~m7=z=1!h82_%o`87`KHk^zJIaDfBev;VE<=_Q<7beExg~&W2l{gvTa_I5476^s@ zN{x@=d;}-^7;7f}wFAoW77&^xV*Iy8GvfR-$`EP1_Pt6hRK7$BgmipwdV_1z_ERlL7T4k(Y5&&u@wR zJI?Rp{0)(dpoEqA1d(+>*ekt2)@Z|IDlfqWbDBWpT3pZumcz~i4^Yjsvw%=#F6}761??}Sh3p>~Sszn34H}A5 zI!z8*G)4T+4vNS}6dQ(rvv|QnL3bnLZ4mH6oWCQ3W3tbVUv*f$?@wm?al%@f?+6V4v#h)3d2K<%?KNiL%gd8%*VSF=8{*$DUIN8eYCsK;@H@x5xCwrI_%ASeyK_U}y z#>b*N@IP|iJSE9;fJ}n&?5&C5k zPC0&o|BUKda<<}(;LK-3xfo_s$*1JZ1;PN}leIFDw*iI2c0~pADaOUe2*4L9HXIFx z77QT5{RYMsAK{hd9=lOV^A~Wan$c~oK~)hE3+@5Z-$a4C@zJE-4@1A&#UhmLtbTw? 
zn6wl;#`8)d*8pK5I*9P`Gwx`tA;JX~?ae203i9SSb3b!o|9mmvy+k-6I~TBkV*H5> zmgFvSehq}9Rs|70Sw$y_SUT)oN-7UuybeiKwV9#|0-zveC607i)3K;ci^J)at#wH+x_XUCY_yH{zrNxVbFp z=(OjFY{uCa=T;&dIcU*iMBdkkDELAnqJU!pOEG|A=V;_YA~ismPa2U%&3TSdaxV}T zMKa}znhMUP*uQ8blgR%9!YRdBM9zhyDK>;ifkxI++l@eG17?uJA6&@-e1;q@-^T*3 zCo&Gm2*4i_xdR9*YCMpnhk>x9V$SnG*uzOa>F8JTf&7kXDuE0DEFuyCLIuKE1cbeh z9DH`1oF}RJ3H*~uELkWH4mB>0!WE@rByq6b%Zn4o2@jm`zzGkW@W2TVobbR251jD8 z2@jm`zzGlhPx8Rw(Zy1n^gIQNHEhvvlZLxBwDOf)u7)idZqjhKhL+a5TSLjj_ix45 zN{?EFnblYqd|1mG{(%I15to-Z4F9GC{JsP{i)&vTT(t7wv)w$nz~<2~tXLqI@jQ-v zRV$%lQO*IZkPWs>s)-qP{>$t%aNrMa>dRAD_=Rz*09(vmMcR~xlrN8 z?!qJ`$Sn#UnF?6nx~e?yoL?*ySL3D}hc*6aKgHL{{=Wrtb-gAQV2h5I?HcaV@GT8L z((tH;eTFN4oTcF)4GT1!py5mn>or`c;c^W(Xt+hg?HcaV@GT8L((tH;eX@1_8V=I1 zK*I?d&eX78!-X0y*KmV|TQuCR;Vuo|((oersNr%A zH)yy;!|fXG((o+}Khp51hJ8lp{52e;VS$DdG@Pkny@m@lT(02;4Yz2xUBg`(zNO(u z8XncKPp-~i!$BGrXgEQ`nHtt>xKP988g9^Vi-y}Z+@;}L8h)hVQ4RZy)cI>TNW%gR zCulfR!+H%DYPej(4H|CIaJz=PG<-|Lk2E~0VV_Yte+>s|SfJqq4QFatui-)smut8| z!z~(a*Kn7HZ)y0EhDSB*W5zE_9f!4DQ+sINtG?gs>G=V>Fml~bdu6=6Y1A2?KmF0C zkL6{4GA{e|0Z-0951jD8|6mVHEG->tXHA?uV~CxfQvzO9DTwb7{3R1=6q0*jRIol)k`mMeL$$5*_+hU9`*`E@ol|f#pKs|^3=H?zHNmVigouB7x^7Up zCCa(INx!;RvG7)Ff-P9rKio5mJ1zp|PycAIV&Olk)AQDw|42;F`*cUK7BKnm?o}+} zyEP#wSl4>UtUEN>`T;KJ1C!pYj|%mI=atixB-b4*yGd`>DHA}Ws7Y^~UJMM!=?d`O zQ~#0ZzsX>7ZDZ1#^~|H%@qAW@2k#p4FmeX+7AV(B1~==acg`1aD_5td{XC8RimM*> zrB6+IZ+&*5k}&HtlfOxC%FjEQOg~aK@Ah_U#HU>|66*$LOtY(#~RGSTBkSm8?|>Oq+gw0BCOTvv8DK*Ku%zIw5~kf1(`!w&G+?CVju5Dt*79Dt~@U%6}y0{{ooQ*;_Nr{>MIf zM7t|qjE= - - - - - diff --git a/microsoft-365-dke/src/customer-key-store/published/customerkeystore.runtimeconfig.json b/microsoft-365-dke/src/customer-key-store/published/customerkeystore.runtimeconfig.json deleted file mode 100644 index 6be1e94..0000000 --- a/microsoft-365-dke/src/customer-key-store/published/customerkeystore.runtimeconfig.json +++ /dev/null 
@@ -1,12 +0,0 @@
-{
- "runtimeOptions": {
- "tfm": "netcoreapp3.1",
- "framework": {
- "name": "Microsoft.AspNetCore.App",
- "version": "3.1.0"
- },
- "configProperties": {
- "System.GC.Server": true
- }
- }
-}
\ No newline at end of file
diff --git a/microsoft-365-dke/src/customer-key-store/published/customerkeystore.xml b/microsoft-365-dke/src/customer-key-store/published/customerkeystore.xml
deleted file mode 100644
index 4839659..0000000
--- a/microsoft-365-dke/src/customer-key-store/published/customerkeystore.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
- customerkeystore
-
-
-
-
diff --git a/microsoft-365-dke/src/customer-key-store/published/runtimes/linux-arm/native/System.IO.Ports.Native.so b/microsoft-365-dke/src/customer-key-store/published/runtimes/linux-arm/native/System.IO.Ports.Native.so deleted file mode 100755 index ebe7e5cd6bfefd364002c375d026bb0fc29962ce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10120 zcmeHNeRNaDm7gccvTXc?V~hiYeF9dssU`dszS73BEX!Yj9WWf4wnvuaXG>s9jwDm_ zaf+aJN?OtglDN=v4%uvS(q_|Qwq_TS5Ify&O1IfoPUxNllg)!H5y1{9iow~QG}_;N z@>7MoVYBwCxZqu0$Kh5t}Y3=83|CT9n`z%LV;F63>I~ zO5#cGOX7LZk0$Z-3Xdi6Jm_0V9a8&Ln)K;Hd_fXF7ySK6Jjoko@GUcV>kM9)!FSEz zduH%^XYk*j!C!z64`eg8063Rrus;EB2T$*q_{A7sO*&(J(|k4f2j*Z+0F%4}xCi=q zcuB-xg#DosD5K=Ck775#pGxAfEZH7f2q?KMoectWXx}XH8SDV;d6N478Tj9z{{z$V zH^3jwV9W`-)ZZE4M=+5ar{(X>=szFz6-XE+#cQUd`aJQMff^GYqmA-&Go8YtLj@2r7y>5@S)8oL4 z^SH4JumBv}tq$jQYdfa#wu+7(nyk(?eW%Oa)2p|6yPWN`49c0Ky+iQ3e3DH^dzWpy z;I(}VwHQ&n(&cgZJDK0nCQYZ`(canPbAm@Ro8RvR<-_Rg(&&he*Tz@Z?Js$g;C0zL z>9u1)VHMq3rwL1!S%o&6--e;seZKetN0qxx%BPf9DaKO)MoyzSz&%m4@P+-{Q!2)j zY$0F?;8R85rO-oLe>n1WefQ9zBWKl<8;+Q2{xI>O$Iw5O&j8f&LYL@yB7e_#%J5|NWLZI^o`dAYEL=t^4iSA3H_axE& zB)T(+ZUdcHa{NjjfBcHF{r8a8ncAGT~y=GMtwbPHB8|tMX()ZFemjeoM#LdBFRC3FvF;)9QAb(;9otX$y9nAIagyM<1%s zQHD|)ew=9Y6X-qzI1PwUn^WnH=?%NhyUYuFx1ULa^`$2@jl0bS&e+t0H)2y~W9mk3 z$!_z4Zq3;@(B=SO678~p{~nN9r#aPYRyfsYlY8duRgLkbunPULFMkp`QhO`>`ZC5W z(E9{!LZ=ib_77%Q7S(UFz)xqIlRLz;>`+Z~UR7+W@CIjTio{A-(V{VS^yEje%7Req zVpU=4Tkl?F5oKCNb}oDMVYAD{y=GVoyv@QS%>wv;?s|$Cn|kAVzLskx57qUGBu|us z5qR?Q^&h|o10Zn9V+js!sE_-aeaK~rO}%)X6)qfeN>tV2tfD1vS4BClYC%>}?pwxN zEN3M8Rrc;xE}~iXrRDmvRckBF^&2*A&16lJHX|p^%6;|ONqy!F2GHmJ>r$KQn%ert z_05~MeC-=nyTHo$tKp`}OC?wEw3S>YntwOk5arQJD!UL~cZ=~OQ4RY8$@w?J=BN>T zHv89beUuqTqI21~@P=q>$w)Mx{ZqIu8bIA*_Da|keX4mRs$*xu>!KsABT+pY3R|LL z_ek_!b|T!!|19k0|1SJ6|I_dQ|6KSS|19hebU%$}e)n;rTaV#+sr4w;v<^^B^W#J} z2Z=U5O0@BN;S9{-i&$Iw47BmWr4)CEOL^j&EV`%Ent4dS`tYG@Da?HWzh)r#^8=`*b*n=9$${t|W_1 zUmwlZ-7Ctgw$G#w$*Z8xv>uvSYMrRjEfcGv8nqTt_gA1)>P2FPZULwa^?Z@j%@Y;6 
zyTEbk96S~3Ofg+I2UNORBdT?3P-?YO%+hh7vehn&5s_2yAuG%p>#~$u3c)S<&}d=W z<)9X${`9aX!l|T4sYtKOJ{n&s#s!LD-jXwT_G)BbY-(a6HWiu3*CK)|xYqITi`Zm? z+IYO~AIxc}iO#KNMZ3(o&Ri#VxL~*@y0Chi(djg@E$2&yf*R92a24!=x#-@S{dYyXeZ~`Q;Ycsei;Ot@MJ;Lq^4C7Obe-t(?co6 z1;bU7b6QiSoN@mp(`0%pCz>YHTL0+e42qy)l#dvhQdAfeV@6Pl;2IaVls&Fkt`2d_ z^M?6JW495&iH?uccy5Uz$PV)nW>OsHiqb>MqLh%LNHuJXFry-vBE~V^qLBqpVP(u8 zljE)5wCv(3#6rUbJSzjyhXW+X901#zjFHa*l>aV?r?BRV#~}06Lvz5>OHV}cFGzo{ zF>)=S(f&@9Be&mVN7k=|Ra)7TK4GS!(}tv`^s#WWvkqcSW$9Tu^HSYkAE~>`?W-r z_M2)GQQB{6rzqtb!~uO}=$zggb`#d7kqY5i!Hwk#2&{ifxK z80|MzQjBs-#cZusOx03!YPdzBQcKaP;^vEUwDUk^aJeF?vokO|1G6(Q zI|H*bFgpYP4`$$PoM+#SGjAM=vre2t)A@ccfX>lXIOC=>db;leBf?j>Dz< zL>!+>_k47ZN$2@=?~9{xb~k{|_31u?c%12a3gFMDz^%Z40w$ZE0q+5ie?2@jmj89Z z92g6i7Htu{K3pjA6^2zMC5F;9hKiMCr4_uf+SAqL@~`D9Y>o;?N%=}h%iD$WHLJ>P z_8zytXT>^PJ9<6*y@m=y ziGF2|R9X7%(v^mi3PVLvyq+&BDP38zvSbaeGHvb-e#i7^%MEJ`rF!2EciHOIt1DLN zOTR7jc9-&ncCXFta0Z;b_VH0e2 z7vnIcEM=9ximB66t2A7iB3+rm%~j;8?&9*edE9(u0k=T0P`QX(!s$3O_qlhnhBkW# zOuc#Hd^0onoIbzTZ?iLl+v67u9qt~3y~l;iJy#nuwC!~Jc6P-vZs#Pa(}o*6iJBhm zZHyJI$i}qHibfbK8Hy9#oqlGJ?vxFFp%=7tvuvo^xZWW2y4re~L2z2zy|yml&y>~K z1~c0nc#yW$=Jnck#;wRS?Ay9r4tPp8dgl-~T_8z)4rm^7m+TPQFyUy*Hv@cpHei1%W9!UP4L~c*9M+HX|Qmjk) z0)a=dZv;cRfZ~w!asWC2)sY_M0|Lqiav@zR2yHrQkYbkd1VJb2WL2_9uo@u8HpM>y zM-JwE!q*kRIg?0wZYIXL-C1)X`ceJ<5Xw$^DWZaB8lM@q2xJ=&C20EIhWe#> zNd689tW@MS&x0d9nt$ngC@eHtMv5|h0yM5vB|X|FBA=u85_Gbr^=SW?{2aYsLxFG3fZ6%0T4~DQ6ar=NmTqnGJ^jEU7?l& zVPNA*Cs4alnXSa1I8vK1YweOL$6;M`jm~OdEQ=j8Whj-xEvF=mv(+d&3k7kLT0-yl zymv1=dI;mx{`hClvu@5k=bm$aeBQn1zQ$c^?!CvNX+k|#@sHxFCWKoy9I{-sy2VOi zL(3wuP-LP#14a3z%Rw2Yqz%6Gka>z;yZ)b#ZZ_;n8WF}{8nbJ{Xz!XZ22gUX)v&LV zQpH(drno*C*C*qY%p(UpN~(F%+NcQGo-S{tHatq|zR)-RHr`0}A-Rrpsrpw^#XW#H zn&%(;cx2pUTz1I$D`_6rj=>05&HbCi{;j|Ioqx}g6W@40qr?5zfAUCf`S`bQG#8@p zxQ@dD*z&Jqe*iYeb?hy$UC%!{iT_^M7hk8J7bo!_#YC^ye zm?oCU^Do`SbF!ZdX;++u*W1(*ZuQ3EzG&R*72aTLFfP1XAcQ{@js--`z3Zx~y)I|j z3K0r6_?@w^vqIGFjKu>j&UG7{8^h6f%z3{r9^4*4oA9oyyU*Jghz6R1aEaF4R~-ts 
z2I_nbp@0Z)3$z*z*KPKC{X2X#v@aC=vw-lf-|qFuZmL7RSS%2ejKf1 zU^rH}-4_heFjYI_H}VuARL zI;jn`HdaLgzO6TQ`Wn-z#hmr&c)fvWv^DGvh5dMMVZ0N1|NgCBfAd!F7GS)_(9}k- zLXAs9!Pd4NOMSkmzqz8E_CcBOZ)pm|gE75V|CSct))dkX zuA+X6F#&3)$7r`+Y44WbC03aqyQUd_`_k;g(!N7q4LC}FrN5CvBEzG>Zq$r^22J)W zpGasrX0n^V%Z5#M^LNQflbzn1dQO?_Im)O@q7D*i^RdbKlil2Zp2;p#v>rdtWY5+u z#vg~tZZp}7Om_2qUTU(NuacD}yF{$_<~G@9nfhOAva5GW%^OX2c@^qWn@x7}cSpU+ zo@?sA*<_cmSa02CvKwTLpo#W(`X{WSXRQ#=Otc?4IB4~rpq6v6pM#irxn?}?^y(gm zrQk$?!}_r*d79{+X>pI^`&Vz%^-SoCO?nRWDw94PdV@*Nhu&$@=Rp6lNuLk>s7YT0 z{j^D64Bet#9shRdi%oh7^eU6?gx+A%UC=vCdIj_!oAkS&A2sw-U?D!O8FveD_(&=> zS8>8mp>7FWnFb)s(XB*{iyz~b$>@ik0#vXJ|SNF7p#rO(dT`(X1pVn zI;{4HL##eQd*nELQoj(#Y3zx1OaH`f(UZhnZRcyoFIcsb1D#KJPR|lOHqAYr%o5|N zEHUsX#!p&Bi4ckWq-AVHGRr+sFh!IlETS%$DIQooQ$%c-ze5{ zo^)shC&U!37Ivi0L_W@{T@>1CarW&Z+fs`?ZWpts)M8KD#Z8&DXD|=+Jzk8t6l44% z&G!C5tZSmZs-M=4dG`>*hcTa&RXaY4HC)_)HMCp%C(x$WanWiixnLDPS)EJsGS<(djjhPmmgm^C*(JRe z5h>ET=4-nRP83Hz%MgcLYF`C;%#!e6tpl{?>#gaSzNYH_iyNx?M`>MFO<&jTw65LS z@rm{+{S(#NmGz9=V!V%oy9>r{gHJu)!713t-?zuL@QuE#K96v8L~UC3lY-uhW4}k|Zp?A`;BN1jnftM9;=ZOI^U>#qzPgJm zm+F0~KHQlJ&w1=8hd|%%ebL{cUQhKzcl1ltPf=ZTM3bt1>od{cqAoP@e<6Ar^+BqO z&gf_4L-n;?(N9r#SWr(q75#*Ks2mRKIM4@^0mvfH!a6U@1VVziM^SHy{W&; zVRgnXVsD-)*zcjexyzEh_2BM>V?%gfyS|?txi16n@w=U#T^8HcP!?>97DUeGLN;Va z`tl)<=0^(WiMr)l!gC1wEeU4Hnyx7M{}g-R7?>pgVUMm4WkLtL;oEaWG3~~>3NL$@jmV$+r5afficw` zSho$FsosIPzJ@i&;Cm47H~F7?^*)AdSR>YK!#*ItLCp0a_JR$2f%GHODX!BKpf&wc zMDTO6ZkJOt>~o znGI(`A0PdFjPV`t8?`QUErOg49siD_=S2MMwLgn-=8>MY$Tf#_v?Gb5UAXdfS>Vcp zTn;~cv)MO6;#2{QcAODbIcepR_!S9QM6ybC{lIYmjH}=^wp=@~lPA zWkZNf?H0(h8uF}uZ|G-pHO45${r3oRJDttSnUDX7?n31E@wX83g%HC@+zn@NN3F*l zRgfXd#LV7@*28zLmi>O0K3*kqrg2ZbikQ_l5m9%~0s5xEdfuH#%^d;9qq;0`4MP3` zt3 zUNE*F<2tMc&(}~tb4yk6BQv`5zr>gY1#~Co8AR+m=nLOw7(>&?(EE|~qC}@BiMZrDPkDNAR(^_a7nM6n zf0^!2oN>x!x{fnKIUu=upRNz#Y|}ZTHp;`4E2w@1xv&s>`&G=d_mzwY<>21OZi_6z zS?zs0Ke87&vlnOE0l!}4@XA@V2Nt^i7XB(%Q$J^MMpdpReJ^r>%GIR1(T~d2q-)5X zg*Zdc(73N_k$*!T=zY)<$wgc*@|r;2>qX8!g18ZU=R83iWp38{$NXr$l$%K(L{8In 
z)A9z~qWw`3opTqg4^>27dQ`Ihub^m737YDHY~XM1!;It%1SH|2BWcD;YZ zjUcx)!p}ZUl=mVxCt&MEZZ1TA#5vJ(GQ9)J!xZDdoSR8U9wvPRx({=#MIS2P>VBqt zOZoxmKFnzy{CaVJ)#KgvF1AKSAV-j&s$p08mi+sOCGzbE&1y?`@bSE(gDcToSh$5brkZmN%94~`%o-h%cK1#07*Ic8N}8LQ7%LxpZttmJgbCqR}b36qXo0@U5kAC@HP1s zISSv5Ymv8VkiYKfAM@h-vD(PFVZ@EjSU7fZ19GnX-9g_$8unzRqa%uY;3t0tAAGl$ zd?>~$no!68cN!?bZ;MlxQ+4=#Ztv)L!b9KNo6+XbMEUn2sgGwZ?g6rQLdTq+de$Na zXg&3hxu2%r4i`66_K#*&kI`?33o{mtsl0yx{n77)yAe0hUfEB5T*#^#+jc26SN(2M zzpGbXNTt@IY(&|NQja1=Q>m9wUPd{L@^h4TQHD@HLirTsbCk0v7f~*uWPFuM<)S1m z!Vl#n%I7HOP%fd^;A2N|pe#XIiE=l}MwEw9_QFTt(QZzq#!^O|bbgos6JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2`~XBzyz286JP>NfC(@G zCcp%k025#WOn?b60Vco%m;e)C0!)AjFaajO1egF5U;<2l2{3{Gp9H$58S5UF(kd|| zQ<`40NWIxm#ayN57!|wJv(jXDwqdYI`$;LKSCu_r%1g^ zR^&9qsPrGbZ1k6q1IuZPr7}+G#nOMew6BmdSIS{Iu*4#k+-x+=m+jpXMo$Z*uGV>z z)c47D875TwIl11m(r`)YC%ce z-B|WmS%tH-+_|dQusd9(Wfi3rrK^NLIA}AUN`KTvZ+ZKuoXRtMhzwy8h{M`ZtZQ({=+$WrY zX784$uO)D`=5207FOT@~hg`kBXw3y1? zMNp^@6{hl{lJzoilAxTS@{G!tx5GwlDqiJHB~{*pi~gv*qjV=KUm@qHc$HU`3`s}T zuEtmKD^a1GrP@{AQ*v!uyz*0W4caLuDqZDCB~|`a>rdxbhj_}NDqiJLCEap-#V9@A zk9M-Dcy+HSc~Zu!cC~)RzeUDZNxx=!VO^0DIK|IFNss>lY~-TuMRhMJsqSC6=ui6m zqp+Ie)AMd#+6!0X=gI#5JS~1qUXV(bs|!^6t9Yr3-D&aa9#v9}qx{q7|G11-e7_|x zR3-PSKq=GXd(z^M$#^Bx{nO|FVp{x=j8`(n>_OppI{TDvasVf7Axx>hqhRQ^HBvc h+*Du6hh(FSztwC+J>8ddwRW>>myG{LT0ojA{tIiTtU~|* 
diff --git a/microsoft-365-dke/src/customer-key-store/published/runtimes/linux-x64/native/System.IO.Ports.Native.so b/microsoft-365-dke/src/customer-key-store/published/runtimes/linux-x64/native/System.IO.Ports.Native.so deleted file mode 100755 index 8af62f24bc25a2f1e54a4034b8fed40e51748be9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14608 zcmeHOdvugVman{^kuh7cYKXgVbF@lZ27d}Gr|nxrKUPCpQom1LWC z?a>%^bjEeg%!;$Kj=S#exU;jKK4-=}hy#eundpuVI%V@|itDuXV@ZKU^iZ&iga zJ%n-pnZHt;>U;06?!8rYzxwKa-y!l(m=69Dpf;mxne*n#WFD- zzca-Q)-5{M^heyLDG0g9!Uu(G^(~vlrg=e+@yipd&dlx&*^YYtVNc~X71YIKRGK68Hyf3TlYfP{ z7_>z36F{#*rD@MZy$JPE)GJXhN1cwETlA&Umu@^1Xl+nTbSx%Xj3y~wEj3Gv5C)_v zsM8dB2`J5v#!tnLItz6MDqUl>%)pIa3d98QymbIj{TTvC{p1#!w=)-nY-9b2qKpQJ z@*rd?Pib5YaJ5QV5HQSgZJ->&@EDnCIr{vEX7QGOzc@PRrNZzan{!7I35#8a&weV=cD{%orQ#nb*U z?5*v5JU(1@d+O}Xgbc-(>*y;Cf@&{W2 zZ6VK2U!a+KsM;OAux522RPPHmT*z5<&=+XEkiu$zcw?XuBmGlKJN*6&_O!tt@`o?v zWTU^ep(^P2ZNIS6*BH)5jG2ey_4+ZyA5F!_1hZ# z;XsJB>$kP|w)=y=`+;Jt5)8D}hnq#XzJUW3uHV)i2{l26nJ*j;f(v2Xbv$n3C3?Qg zx6vOA_?qd0Vv&UW=bhy_om+SKTSYx9wh`MLsH=B}+T2To*Wcg^`!JQdP)IIHK&?9V z?lrf%dC|D#s)3DIy?#yADsQ>FVwfv;FXmN`TSVmHUq1d3Ento$l4Tp=Qb+1ZO)@80 zwmb|+I-gGs1h7*Th=U4?%m^U0=8M;t*N`xf?J;-Obf0yix#+?!i@EXi<18iH)iw|Tfgo}((K}LsAT6< z;MbT{36A6@YD^7gQRZAtGA-xS0L!yUrc0OVWqAh4w1iSGvOI-kdYVZcVEH1Fi%8zj zaz4p)iBs(?|L;|h>C&cluzZSSTE?lZEPqTgJzl12S$>~ny5y-!mft0rE_JGmY1oO# zUzpLAKSDEH#6Job!`}~_PLbS#Atjsev*l3H4k+e**1wI4+nBWvLl(G%D|bLqgy&*# zx2wU;*bMu-0K->yU`y(DI51|llYVL)_;cp_H)3Hp;-58`j~31;MY|cVcG(VByZG_b z?A+uk?4Gtsh=sk$4QI32SZ@O6*Hz9nsPCd$=eyZ+8xPqNf7^^_Mh^RB8g%q*LHMHR*}TXNFXux%-&Er7C1dDKO@^jo zm`CEpuGp))Dr#btWeQqm=TujB3C9GERzNFfMiY2O zo_n|SCqFsEqaSg-PM9M`U1@e!xRNz+6Yt}WVy_yHEXDn0cCK(GzYhm1DH-gY+i7N_ zU)qhop2=-R+lkZ{KVs(fWsfJyG1U~khIc-a{WL2TPXSAa2`k}g8Z|-tn`Yh{&=$v` z{h!plj_h6~u9dhR;vOdMKZyGdaW4>egt%vkqX**DQ^e7ucdC=P7ZLbWlsFr1-1MHr zR@|TINTPQNNNb{f4oG7{ptJPWgn-xdoe6O;Poy^_#J&QNUY8IsOjjqI&w{K>h@&=< 
zUXlti1{9@1f#0}E2bmk#o{o!?98Jp@Ru_GW2_>h%f=_`bJMq(zp%r4p9%mIh zR8mz8)A})D_cJ_+;Q0*G>M~+m87?N6-qt!YwDyeH8ipql{1wlUR;CdvXZRw5f6p+j zTO&4;;Ryu)ieXySMvPwXJv}yp6H*&%-iT2EJw4+IepbS`BaGPF438sNUQW7Sj2O+^ z(^EunNNVG5GGfm&TuAUe62`q|#Quii0)lHKj62bYJ-~22!EOm3N2p`<4CfJiiG*?c z8nN{Z(*sWm53Lkw+}uWNF~gipQ)ok|Xbr@!V3>36n+(&&V8q5V%&GZj4AZt@#7=_u z^i0HW>W2)|reeh2VVDy=Z8{wp+I5WBL55){(z`n{v?m#{e`SoG8Pfia4DDD(?7NJ? zlSqG~BSZU{5u=^X(?ic5>6Ot;%ic-R%(_U}(*q|WJwKXh4LdqAq!e*@deEClPxtf` z5Vdz?XmgCLM%+PZ53i1Yk$mV2%Qn92db9Hyml^-GI({};h?a$?p<~8BPBub7_QCd% zHOyo2V`)e7$CgO;lPRvAh>Yj`r)2KN~ zNxT^O`&%%J4rPs+YFF_H_YU49OZt5uiA0t@fcI$ ziJl!Fw&QnPWO~QZ{Xo;>I*uNo)=jRG_&}O8iX!7kH(lKE>WkC@_wggqOkSiYI@pu8 zMKk$(#z&7-l8){v`c;0Ucup3nc@i!D^yKJQh|(l_Z%P+2Zq<(WbsWb`_L650G{Xjd z3nCZO?a)4~I2E?kkRO>a+~DarBlE#3^a4R91p2ZCL1u*8r65y+PYN<8(DMP*WKxJo z;apZgi%bh~)xvq<2_ZYUshcYYt07xoA>K$ifTA**I-JBKfm9R_;y9ws3Kz|U*ryP>IV-%Z zU``9i2ke4g{1^@Rw$CNObbqeIV*gEdjX-6X<-7voE3f}VVM?A zLFneJ&?{k?7Jf@GXN7;1uuKcD5KLJi^(_g@% z48WW+7Ie#uK^xj9Cuxg|%%MHnvGBC{C^p38nm=Ioiy!v%WoM-)CLe@~d<{9bQ!cM| z)kdaN$A^#>?zr1?k7tWY4G%&2+{+!kU()*$o->E@MR)!L8{X#DBU$|c%JKf#Z+90b zr-O|yD-0h`mvtBGR~sKdd@8siIfOTgHSt59N8Nbgxf`e_?luqi(*B$-Fzfq~n6~t* z_sflVE9;)bE|N~_;Jv$3rJ(%%L49t>n^~~D38AEG{5|;I2l^N$P1kJ2sciN`&@-UL zSO{l6&t_eq>%Yuq>7nC$pbem}gVNgk9q5ywCqVxhv>Ai?kZ@3XxWc~5CGUX^B5#)? 
zZ)Wj$+kUjWfYNsp2l}T?T-Y5q*-O?M6YsaRiyLPwzj~2tHW_OBf*gCYrP_OFVXGwY@A__;>+*ikW!3imdC~EYjq6lHVwV(~6|if^i*10A z;rYwSQ-AlMeE{wJ9SrTm!6W^#G8Tcc2#iHwECOQ@7>mGI1jZsT7J;z{j74B90%H*v zi@={f0{UFh@Hrwq0=JVn`h-G7eb(UfwIn~UK8Vn_9xD3$EPeK)qR*q!*eORQT&*acIJ1*)x zjZ%{*U(i6`FR0LWLn?H>m`bH`tnqgG28p7_*~^j;3Lfqce+z1(rdrj2&sQw#xZ*Pt z%Qn@H&s{7Jk5l>ma}#}TKDXcBtAL(XbeviM(-obo=n_S5QuH=Ow<)?)(T5fNj-t;g z`jVoD6s;`1YTj-BU~qEnVbWw4`F0zpiZQ!o>{@b!GlVb#?WAAI)j?s#VuJOK~E89^5T+FLsufEnHl- zqmq^Xh6RBJ;coKb@T9w8 zcWY>Oi=;S0$vSEbBLpwng8pV787OW?b6B|f0Ioai-vyqJ;kx}z-fcl&i{IPS02?hy zO|LH)^zD|Kn!m3eYIKZ}{JVo~JQiO|pdS6V!7F~;+!Y_SbmOF@aM$Bn_*<#5HG(t0 zb&ITx3zN=b`-ZwNx{||un4sEaZ6HR}o6!m?l?`!Rc z{L>h;z20v$-Kq>ppLDdn-gmA6Mk?A~?_Zkg{R%2v^!}h_`d&+Whql-Ig{G!b)Z^EB zntISqdy$s)exzxcvZwJ=-+KHC7W55T&y6s>|7qGwAd2o^+w1w?g*L0b-cL1cQWGY7 z+G=y{8-S6D-tTq3(NyOVsBodati=n#YCoX%FHO18V&G7`ruXIAt9?oTf2cbQi!oSj zr_mib_Buams`G}{&mI3xWv{Pa?*BV#)`p7a+V9J;KcEt=rax8j*KTzDwfs03`b(d_ zzB-@l|BsZbpDWWb4GNLA*ZKbB0)QyF`nmFR(4iq}`=JF+Ncj86*R+2Dx>kFAK3cfh z&7bT)0X15Cx__M?_5U{;Q1R1o*W=ggpf9I?eJ=ahwX*+GNrr#5y{3n9?1g%M5oOY3 z|FETGw4J8E%CX(3}`~a}Vtg6>7l#X8QEyiM{`Q}3)HV?D*Az#q|Wz@KCvM(f%Y~t=)2pxnh zyNf(yLWU7bJJS)X#nz4^W1S9xc9Reg)K&u1QD*8#P;2*f>rAE~B1^LUoqOLVo8b6I z|7`cp+W1W5D zI!+o}*v6vF!l9F8B108V4u`I_=oW%%yuSXaf_HwBs0mNVa!Lkk6&z7I9A4d5?HwVF z*Y~U0g0;qKK{%!{lCmv*G-paepQBD|Xx2O&A3NVcOW%IpnlZxDESOg}jL+xZR_}H> z>fN^cd z9L>51^ZsUi33a5Oys@WRSrjk^V`NZ6Y`Ym zM8ybC)<^Rl89QKy!{yYSR%4Ejoo}m6@K#$*2v69`B8{nN9aLn8W7Uc^EA8bg5I8&lWS*1N>&>3S>$&j>K4~ zPF@${Cnp=^Z%Zav@OM#DKkr|#h0dN`aQQ&>3opL*;PN-nEwdqW{Zl3~hDo12l>ltN*J(2hE zOl9;QjU$ELYFW~@`f}jwxLy>0ClJfncDLG|IiCb-rXN(L6Y)>ZnbB#zW_EOPubCFj z?lm)`>AhxF;G$%lQ3EHlAF1l={1BQhB7cq?MIJ<^{*|978!9Ul<2}`g1%}i0$$??X zSEqE-b6hk_>83~I)Aj+BG`<0Ae8$I-1*0Q823<7F^tSZ_#`@1f=UWz)8&|*TzrDZw zrfc@l6}h}0WQczjZqzec3wt1b1rM{)oX9(4fJhsXm zB`DR>`2+`J9NviO$-#*z)zTxFq8$1Fa2J8->?KT%I$LVLs?Royi9<64=jl<79J&<@ zZs3ZlKD9Ld0Cn{g?>0U_@Ffnji`3OIblb&(>FAG2{r9L(Na)u^+6jdA`J>wP!{%`s zY2a$3ybsz4Dw2a8g0@l)%_q5)#AwUBO!F7xm4llxQgauzEA5_!uJ^sihmj5I$iW6q 
zfBYuEp??DIA`lv0Pu4JxG?em|&p}oWKFHxS1c%-rDFPw2BU$R-!;qT5TQZDG4lWch zRLG&7B*g$i>i%S@Ka$irQWv=DmV>u(nLWIx2S|oM$V^L?*-J9NBt~fu%`lk8rCM{T zr|Bd`Af!IP)y0Ti9)eVKa~JIbuzHhOi-@(hi#7#Vhm%>eh*i=>iwIU*GD{-XEnT>) zAXalS>+_*_JaPqB7+qv`a34zMo&h&H&_%WdYf&=mRbrj$A_IaoE19*QSg&-sg_M-c z+D5E>U1SVMea@GZ?_N3hC|KqbSWu%Etap-G3b8hTRV&X4LM!9`M)5#dS4nPXTv}la zL+XGfW!NwHhq;&C=Z}$>?cC{)2@g9B%pVgTM(gg62@fmcu<)>6z)Cm4rjwJ&V|F_I zG2tyQa}~l{(m9_TMGnRVojVI{Bc+?X#heW=5QB5<2R{&lZ+yf7xW-1_3MORcRW2<2 zU^j<_9~|Sb@PoT}bArvcI9Y7^=Q%7keHL#*uz8r1#SSN{`D3)L<q?v6IOC~EVq(C+IjH@=Fzl*L13#j19#bCvOrRmO0n z5v0N^V6HMgiF9)QQS9cptX{x+{~F4L+g$MF8y66hD;`lE6;U~ID_VG{n^C69<%2j0uH%fmgm(^st8qQO&3+x7&)8uD+0)y!|nPmH5mH8LQjqt0?qd>8Rt@c&su`xK`&+EmG-e@=eTyFF! z#=DB~zG8fd!FOS}G*`pkk8@?OYCPE*@j?O4mRg)Gdn3z$sBNnc*7~(W&TFk&=dgO( zPA^#?^S0{$B(B2FDDuhBujRS)*A36a9_Mp;z_eXTkNjYOKcKuS;_90_FxNT@IcUP@0cA!|g90ynpC5 z^ecC~NlgC`Iq|Nw032{2xq~bNgnL$y4oDy(NY4|96{Ru1Fptt?<=I1D$iefZGcZ&nhlT)!$;bKDI}Jr-mN!8)Ulom3%E9#la?7E2sX0Fo zsQ-gj^Pf?39x44pJn{w?k%WJUhrZCyNr)dyBvfMwRg=&P(M|-n85Y8$n~Q|_`AtH3 zme3DLhz?vR-$RBAeu)wYg(W$ZPeKIp*?bL*WIphmZbX&pJ;$LYS7XmyyDlhf!d3ibG0 z(KTT@GB|CupjAYdg!xZG(s_@dEsNe6=EpP9as_Q(bXu6^&t<0y+H?fDy@glQHUyMB zkc__G*c`PjQ-$qBaP9Za=fQO&1=lJoydH-d5nj=D)@WP(uaU!Gb&g5=_xpxQoYErx zg|k?iRM@i$L7#pe8GWIi?UN#P00WCN^o!92;mJC)@t@z@Kn(Thb0ctHR^C>CU*wMg ziYz76C{R!LP;`Gpc?>^oYx;Oy+bNz`@SqT$!u3S(zKR(ii$@HTUb@C}n=#jTu7{U8 zFSqitg_l3&<(l~R1=PbaY_=s4_^j^@{42^B!Uqj*d)B!nlIj3O09V9Zlj51u#5pj zrN<|*^s-4T?Z_l1-HxR^w=q+idUJ;4l;{W1x1>3OH_@u6TlH+Ko@doXR=v!s@3-m- ztA5z3T~_V3>K3amn>Y8a4VuSW-{iKHW1@$H(!l5!_nvBz3YUW^zf*<7x6Rptf;}YMu2BM4tzGP3LyHOj+VbtX=4H=IhK5^wbjYIO%Ldj@k+49rJy1Q%s#_1+p< zr$0!1?#Iz;un@e?A{2+HID(tsw6$cXze)FTLk^%(=Q6NbOKIKv=eA0Rq`|EIj51qJ z&cIF0L_}IPjj`#tQ#wL0@^ZTqZ!N^P@whk|xjUlo*pqR()=9?E{}}v7<8ZnwOm4qn z98Q}vneQ5h(-mAYpZ*b&jPDqSKQ#`2b{zivI2^k8JzNHAG61gB*aYNkWW1eV6OnI5 z#%p%|-t?%Z`=x*-6k%t)mU*HfvHO4KuH;thPM;+r@KoU*`aKxP~N3vW - - - - - - - - - - \ No newline at end of file 
diff --git a/microsoft-365-dke/src/customer-key-store/scripts/key_store_tester.ps1 b/microsoft-365-dke/src/customer-key-store/scripts/key_store_tester.ps1
deleted file mode 100644
index 6b2ad11..0000000
--- a/microsoft-365-dke/src/customer-key-store/scripts/key_store_tester.ps1
+++ /dev/null
@@ -1,162 +0,0 @@ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. - -function ParseAuthResponse -{ - param( - [parameter(Mandatory = $true)] - [string] $AuthHeader - ) - if (($AuthHeader -match "^\s*bearer") -eq $False) { - throw "Auth header does not contain bearer" - } - $authFields = $AuthHeader.Split(',') -replace "bearer", ""; - $returnedAuthKeyValues = @{} - foreach ($item in $authFields) { - $matchedAuthLine = [regex]::Match($item, "\s*(?[^=]+)\=\s*\`"(?[^\`"]*)\`"") - if ($matchedAuthLine.Success -eq $False) { - throw "Invalid auth value: $item" - } - - $returnedAuthKeyValues.Add($matchedAuthLine.Groups["name"].value.Trim(), $matchedAuthLine.Groups["value"].value.Trim()) - } - return $returnedAuthKeyValues; -} - -if ($args.Count -ne 1) { - Write-Host " -cmdlet to test a double key customer key store -Please enter the url with key name to test -Ex. .\key_store_tester.ps1 https://mykeystoreurl.com/mykey1 - " - exit -} - -Write-Host "Validation request started: $($args[0])" - -if (-Not $args[0].Trim().StartsWith("https")) { - Write-Host -ForegroundColor red "Validation failure: Url must be begin with 'https'" - exit -} - -try { - $publicKeyResponse = Invoke-WebRequest -uri $args[0] -Method 'GET' -} catch [System.Net.WebException] { - Write-Host -ForegroundColor red "Validation failure: Unable to access the provided url $($_.Exception.Response.StatusDescription)" - exit -} catch { - Write-Host -ForegroundColor red "Unexpected error $($_.Exception)" - exit -} - -Write-Host "Received content from url: $($publicKeyResponse.Content)" - -$jsonResponse = ConvertFrom-Json -InputObject $publicKeyResponse.Content - -if (-Not ([bool]($jsonResponse -match "key"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the key" - exit -} - -$jsonKeyResponse = $jsonResponse.key - -if (-Not ([bool]($jsonKeyResponse -match "kty"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the key 
type" - exit -} - -if (-Not ([bool]($jsonKeyResponse -match "n"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the modulus" - exit -} - -if (-Not ([bool]($jsonKeyResponse -match "e"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the exponent" - exit -} - -if (-Not ([bool]($jsonKeyResponse -match "alg"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the algorithm" - exit -} - -if (-Not ([bool]($jsonKeyResponse -match "kid"))) { - Write-Host -ForegroundColor red "Validation failure: Response does not contain the key id" - exit -} - -if ($jsonKeyResponse.kty -ne "RSA") { - Write-Host -ForegroundColor red "Validation failure: Invalid key type" -} - -if ($jsonKeyResponse.alg -ne "RS256") { - Write-Host -ForegroundColor red "Validation failure: Invalid key algorithm" -} - -Write-Host "Public key API validation complete" - -try { - $decryptUrl = "$($jsonKeyResponse.kid)/decrypt" - Write-Host "Attempting to access url: $($decryptUrl)" - $decryptResponse = Invoke-WebRequest -uri $decryptUrl -Method 'POST' - Write-Host -ForegroundColor red "Validation failure: Decryption unexpected response" - exit -} catch [System.Net.WebException] { - # it is expected that the call will throw an exception because auth failed - if($_.Exception.Response.StatusCode -ne 401) { - Write-Host -ForegroundColor red "Validation failure: Decryption unexpected response - $($_.Exception.Response.StatusDescription)" - exit - } - - $headerCount = $_.Exception.Response.Headers.Count - $authFound = $False - for ($index = 0; $index -lt $headerCount; $index++) { - if ( $_.Exception.Response.Headers.Keys[$index] -eq "WWW-Authenticate") { - Write-Host "Found auth header - $($_.Exception.Response.Headers[$index])" - $authFound = $True; - - $responeFields = ParseAuthResponse $_.Exception.Response.Headers[$index] - if (-Not ($responeFields.ContainsKey("resource"))) { - Write-Host -ForegroundColor 
red "resource auth field not found: $authResourceUri" - exit - } - - if (-Not ($responeFields.ContainsKey("authorization"))) { - Write-Host -ForegroundColor red "authorization auth field not found: $authResourceUri" - exit - } - - if (-Not ($responeFields.ContainsKey("realm"))) { - Write-Host -ForegroundColor red "realm auth field not found: $authResourceUri" - exit - } - - $resourceAuthField = $responeFields["resource"] - - if (-Not ($resourceAuthField.StartsWith("https://"))) { - Write-Host -ForegroundColor red "Resource auth field ($($resourceAuthField)) must contains 'https://'. Ensure that the `"JwtAudience`" value in appsettings.json contains 'https://'" - exit - } - - $authResourceUri = [System.Uri]$resourceAuthField - $decryptUrlUri = [System.Uri]$decryptUrl - - Write-Host "Validated parsed resource: $($authResourceUri)" - - if ($authResourceUri.host -ne $decryptUrlUri.host) { - Write-Host -ForegroundColor red "Hostname mismatch between auth resource ($($authResourceUri.host)) and key url ($($decryptUrlUri.host)). Ensure that the `"JwtAudience`" value in appsettings.json matches the host where the key store has been published" - exit - } - } - } - - if($authFound -eq $False) { - Write-Host -ForegroundColor red "Validation failure: WWW-Authenticate header not found" - exit - } -} catch { - Write-Host -ForegroundColor red "Unexpected error $($_.Exception)" - exit -} - -Write-Host -ForegroundColor green "Validation successful!" diff --git a/microsoft-365-dke/src/customer-key-store/App.config b/microsoft-365-dke/src/unbound-key-store/App.config similarity index 100% rename from microsoft-365-dke/src/customer-key-store/App.config rename to microsoft-365-dke/src/unbound-key-store/App.config 
diff --git a/microsoft-365-dke/src/customer-key-store/CodeAnalysisRuleSet.ruleset b/microsoft-365-dke/src/unbound-key-store/CodeAnalysisRuleSet.ruleset similarity index 100% rename from microsoft-365-dke/src/customer-key-store/CodeAnalysisRuleSet.ruleset rename to microsoft-365-dke/src/unbound-key-store/CodeAnalysisRuleSet.ruleset diff --git a/microsoft-365-dke/src/customer-key-store/Controllers/KeysController.cs b/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs similarity index 91% rename from microsoft-365-dke/src/customer-key-store/Controllers/KeysController.cs rename to microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs index afcf9ff..b9f7f00 100644 --- a/microsoft-365-dke/src/customer-key-store/Controllers/KeysController.cs +++ b/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs @@ -27,7 +27,7 @@ public IActionResult GetKey(string keyName) return Ok(publicKey); } - catch(CustomerKeyStore.Models.KeyAccessException) + catch(UnboundKeyStore.Models.KeyAccessException) { return StatusCode(403); } @@ -47,7 +47,7 @@ public IActionResult Decrypt(string keyName, string keyId, [FromBody] ippw.Encry return Ok(decryptedData); } - catch(CustomerKeyStore.Models.KeyAccessException) + catch(UnboundKeyStore.Models.KeyAccessException) { return StatusCode(403); } diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Library/CK.cs rename to microsoft-365-dke/src/unbound-key-store/Library/CK.cs diff --git a/microsoft-365-dke/src/customer-key-store/Library/CKR_Exception.cs b/microsoft-365-dke/src/unbound-key-store/Library/CKR_Exception.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Library/CKR_Exception.cs rename to microsoft-365-dke/src/unbound-key-store/Library/CKR_Exception.cs 
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_ATTRIBUTE.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_ATTRIBUTE.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_ATTRIBUTE.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_ATTRIBUTE.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_INFO.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_INFO.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_INFO.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_INFO.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_MECHANISM.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_MECHANISM.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_MECHANISM.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_MECHANISM.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_MECHANISM_INFO.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_MECHANISM_INFO.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_MECHANISM_INFO.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_MECHANISM_INFO.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_OBJECT_HANDLE.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_OBJECT_HANDLE.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_OBJECT_HANDLE.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_OBJECT_HANDLE.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_SESSION_HANDLE.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_SESSION_HANDLE.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_SESSION_HANDLE.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_SESSION_HANDLE.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_SESSION_INFO.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_SESSION_INFO.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_SESSION_INFO.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_SESSION_INFO.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_SLOT_ID.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_SLOT_ID.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_SLOT_ID.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_SLOT_ID.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_SLOT_INFO.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_SLOT_INFO.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_SLOT_INFO.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_SLOT_INFO.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_TOKEN_INFO.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_TOKEN_INFO.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_TOKEN_INFO.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_TOKEN_INFO.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/CK_VERSION.cs b/microsoft-365-dke/src/unbound-key-store/Library/CK_VERSION.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/CK_VERSION.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/CK_VERSION.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/Library.cs b/microsoft-365-dke/src/unbound-key-store/Library/Library.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/Library.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/Library.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/LibraryUnix.cs b/microsoft-365-dke/src/unbound-key-store/Library/LibraryUnix.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/LibraryUnix.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/LibraryUnix.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/LibraryWindows.cs b/microsoft-365-dke/src/unbound-key-store/Library/LibraryWindows.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/LibraryWindows.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/LibraryWindows.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_AES_CTR_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_AES_CTR_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_AES_CTR_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_AES_CTR_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_CCM_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_CCM_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_CCM_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_CCM_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_ECDH1_DERIVE_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_ECDH1_DERIVE_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_ECDH1_DERIVE_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_ECDH1_DERIVE_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_GCM_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_GCM_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_GCM_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_GCM_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_KEY_DERIVATION_STRING_DATA.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_KEY_DERIVATION_STRING_DATA.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_KEY_DERIVATION_STRING_DATA.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_KEY_DERIVATION_STRING_DATA.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_RSA_PKCS_OAEP_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_RSA_PKCS_PSS_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_RSA_PKCS_PSS_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/CK_RSA_PKCS_PSS_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/CK_RSA_PKCS_PSS_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_AES_SIV_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_AES_SIV_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_AES_SIV_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_AES_SIV_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_DERIVE_BIP_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_DERIVE_BIP_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_DERIVE_BIP_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_DERIVE_BIP_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_FPE_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_FPE_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_FPE_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_FPE_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_NIST_KDF_CMAC_CTR_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_PRF_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_PRF_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_PRF_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_PRF_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_SPE_PARAMS.cs b/microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_SPE_PARAMS.cs
similarity index 100%
rename from microsoft-365-dke/src/customer-key-store/Library/MechParams/DYCK_SPE_PARAMS.cs
rename to microsoft-365-dke/src/unbound-key-store/Library/MechParams/DYCK_SPE_PARAMS.cs
diff --git a/microsoft-365-dke/src/customer-key-store/Models/Authorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/Authorizer.cs rename to microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs diff --git a/microsoft-365-dke/src/customer-key-store/Models/DecryptedData.cs b/microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/DecryptedData.cs rename to microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs diff --git a/microsoft-365-dke/src/customer-key-store/Models/EmailAuthorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs similarity index 90% rename from microsoft-365-dke/src/customer-key-store/Models/EmailAuthorizer.cs rename to microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs index c1a12ce..a92a60c 100644 --- a/microsoft-365-dke/src/customer-key-store/Models/EmailAuthorizer.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs @@ -46,7 +46,7 @@ public void CanUserAccessKey(ClaimsPrincipal user, KeyStoreData key) if(!validEmails.Contains(email.Trim())) { - throw new CustomerKeyStore.Models.KeyAccessException("User does not have access to the key"); + throw new UnboundKeyStore.Models.KeyAccessException("User does not have access to the key"); } } } diff --git a/microsoft-365-dke/src/customer-key-store/Models/EncryptedData.cs b/microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/EncryptedData.cs rename to microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs 
diff --git a/microsoft-365-dke/src/customer-key-store/Models/Key.cs b/microsoft-365-dke/src/unbound-key-store/Models/Key.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/Key.cs rename to microsoft-365-dke/src/unbound-key-store/Models/Key.cs diff --git a/microsoft-365-dke/src/customer-key-store/Models/KeyAccessException.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyAccessException.cs similarity index 92% rename from microsoft-365-dke/src/customer-key-store/Models/KeyAccessException.cs rename to microsoft-365-dke/src/unbound-key-store/Models/KeyAccessException.cs index 7513ec7..bed83f5 100644 --- a/microsoft-365-dke/src/customer-key-store/Models/KeyAccessException.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyAccessException.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace CustomerKeyStore.Models +namespace UnboundKeyStore.Models { using System; public class KeyAccessException : Exception diff --git a/microsoft-365-dke/src/customer-key-store/Models/KeyData.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/KeyData.cs rename to microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs diff --git a/microsoft-365-dke/src/customer-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs similarity index 80% rename from microsoft-365-dke/src/customer-key-store/Models/KeyManager.cs rename to microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index 5aaa68b..42fef82 100644 --- a/microsoft-365-dke/src/customer-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs 
@@ -14,13 +14,9 @@ namespace Microsoft.InformationProtection.Web.Models public class KeyManager { - private readonly IKeyStore keyStore; private readonly ILogger _logger; - - - public KeyManager(IKeyStore keyStore,ILogger logger) + public KeyManager(ILogger logger) { - this.keyStore = keyStore; _logger = logger; } @@ -56,23 +52,17 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) if(foundKeyHandles.Length == 0) throw new Exception("key" + keyName + " not found"); - - //get public key - Library.C_GetAttributeValue(session, foundKeyHandles[0],new CK_ATTRIBUTE[] - { - n, - e, - privateKeyUid - }); + //get public key + Library.C_GetAttributeValue(session, foundKeyHandles[0],new CK_ATTRIBUTE[] + { + n, + e, + privateKeyUid + }); string nStrBase64 = Convert.ToBase64String((byte[])n.pValue); var KeyId = Convert.ToString((long)privateKeyUid.pValue,16); - - //var key = keyStore.GetActiveKey(keyName); var publicKey = new PublicKey(nStrBase64,65537); - - //publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; - publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; string keyUrl = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; if(!publicKey.KeyId.Contains("https")) @@ -82,15 +72,7 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) publicKey.KeyType = "RSA"; publicKey.Algorithm = "RS256"; - // if(key.ExpirationTimeInDays.HasValue) - // { - // cache = new PublicKeyCache( - // DateTime.UtcNow.AddDays( - // key.ExpirationTimeInDays.Value).ToString("yyyy-MM-ddTHH:mm:ss", sg.CultureInfo.InvariantCulture)); - // } - return new KeyData(publicKey, cache); - } 
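Review bot: Dropping the `IKeyStore` dependency from the `KeyManager` constructor leaves no visible path from `Decrypt` to the per-key authorizers (`EmailAuthorizer` and `RoleAuthorizer`, whose `CanUserAccessKey` throws `KeyAccessException`), so it looks as if any caller holding a valid token can decrypt with any key the service can find. The `Decrypt` body is only partly visible in this patch, so this needs confirming, but the `catch(UnboundKeyStore.Models.KeyAccessException)` branches kept in KeysController.cs and the `services.AddSingleton` registration removed in the Startup.cs hunk point the same way. If access control is meant to live on the HSM side, record that on the constructor, e.g. `// Access control: no per-key authorizer here; every authenticated caller may use every key in the partition`; otherwise keep an authorizer call at the top of `Decrypt`, before `Library.C_DecryptInit`.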
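Review bot: In the `@@ -56,23 +52,17 @@` hunk the exponent passed to `new PublicKey(nStrBase64,65537)` is hard-coded although attribute `e` is read from the token in the `C_GetAttributeValue` call just above it. A key created with a different public exponent would be published with the wrong value, and clients would then wrap data the token cannot unwrap. Either derive the exponent from `e.pValue` or reject the key when it differs, and until then state the assumption in place: `// assumes every DKE key uses e = 65537; e is fetched above but not compared`. `GetPublicKey` starts and ends outside this hunk.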
@@ -106,9 +88,9 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName); ulong keyUID = (ulong)Convert.ToUInt64(keyId,16); - CK_OBJECT_HANDLE pubKey; - CK_OBJECT_HANDLE prvKey; - CK_OBJECT_HANDLE publicTest; + CK_OBJECT_HANDLE pubKey; + CK_OBJECT_HANDLE prvKey; + CK_OBJECT_HANDLE publicTest; Library.C_Initialize(); CK_SLOT_ID[] slots = Library.C_GetSlotList(true); @@ -134,10 +116,8 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, if(foundKeyHandles.Length == 0) throw new Exception("key" + keyName + " not found"); - //CK_OBJECT_HANDLE hKey = new CK_OBJECT_HANDLE(vOut); _logger.LogInformation("encryptedData.Value = " + encryptedData.Value); - //byte[] plainData = Encoding.UTF8.GetBytes(encryptedData.Value); byte[] plainData = Convert.FromBase64String(encryptedData.Value); Console.WriteLine("Set RSA padding params"); @@ -151,7 +131,6 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, return new DecryptedData(Convert.ToBase64String(decrypted)); - _logger.LogInformation("Faild to decrypt"); throw new Exception("Faild to decrypt"); } diff --git a/microsoft-365-dke/src/customer-key-store/Models/KeyStore.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/KeyStore.cs rename to microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs diff --git a/microsoft-365-dke/src/customer-key-store/Models/PublicKey.cs b/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/PublicKey.cs rename to microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs 
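Review bot: The line `_logger.LogInformation("encryptedData.Value = " + encryptedData.Value);` kept in the `@@ -134,10 +116,8 @@` hunk writes the caller-supplied wrapped key into the application log on every decrypt request, so log content and size are controlled by the caller. Log the payload length instead, e.g. `_logger.LogInformation("decrypt request, payload length = " + encryptedData.Value.Length);`. The following `Convert.FromBase64String(encryptedData.Value)` and the earlier `Convert.ToUInt64(keyId,16)` both throw on malformed input, and nothing visible here maps that to a 400, so confirm the controller does. `Decrypt` starts and ends outside this hunk.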
diff --git a/microsoft-365-dke/src/customer-key-store/Models/RoleAuthorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs similarity index 94% rename from microsoft-365-dke/src/customer-key-store/Models/RoleAuthorizer.cs rename to microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs index 914ec17..a2f0142 100644 --- a/microsoft-365-dke/src/customer-key-store/Models/RoleAuthorizer.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs @@ -59,7 +59,7 @@ public void CanUserAccessKey(string sid) if(!success) { - throw new CustomerKeyStore.Models.KeyAccessException("User does not have access to the key"); + throw new UnboundKeyStore.Models.KeyAccessException("User does not have access to the key"); } } } diff --git a/microsoft-365-dke/src/customer-key-store/Models/extensions.cs b/microsoft-365-dke/src/unbound-key-store/Models/extensions.cs similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Models/extensions.cs rename to microsoft-365-dke/src/unbound-key-store/Models/extensions.cs diff --git a/microsoft-365-dke/src/customer-key-store/Program.cs b/microsoft-365-dke/src/unbound-key-store/Program.cs similarity index 92% rename from microsoft-365-dke/src/customer-key-store/Program.cs rename to microsoft-365-dke/src/unbound-key-store/Program.cs index 7987c9d..a9a767e 100644 --- a/microsoft-365-dke/src/customer-key-store/Program.cs +++ b/microsoft-365-dke/src/unbound-key-store/Program.cs @@ -4,7 +4,7 @@ using unbound.cryptoki; -namespace CustomerKeyStore +namespace UnboundKeyStore { using Microsoft.AspNetCore; using Microsoft.AspNetCore.Hosting; diff --git a/microsoft-365-dke/src/customer-key-store/Properties/launchSettings.json b/microsoft-365-dke/src/unbound-key-store/Properties/launchSettings.json similarity index 100% rename from microsoft-365-dke/src/customer-key-store/Properties/launchSettings.json rename to microsoft-365-dke/src/unbound-key-store/Properties/launchSettings.json 
diff --git a/microsoft-365-dke/src/customer-key-store/Startup.cs b/microsoft-365-dke/src/unbound-key-store/Startup.cs similarity index 95% rename from microsoft-365-dke/src/customer-key-store/Startup.cs rename to microsoft-365-dke/src/unbound-key-store/Startup.cs index d1c0549..b122567 100644 --- a/microsoft-365-dke/src/customer-key-store/Startup.cs +++ b/microsoft-365-dke/src/unbound-key-store/Startup.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace CustomerKeyStore +namespace UnboundKeyStore { using System.Collections.Generic; using System.Threading.Tasks; @@ -66,7 +66,6 @@ public void ConfigureServices(IServiceCollection services) options.MinimumSameSitePolicy = SameSiteMode.Strict; }); - services.AddSingleton(); services.AddTransient(); services.AddMvc(options => options.EnableEndpointRouting = false); diff --git a/microsoft-365-dke/src/customer-key-store/appsettings.Development.json b/microsoft-365-dke/src/unbound-key-store/appsettings.Development.json similarity index 100% rename from microsoft-365-dke/src/customer-key-store/appsettings.Development.json rename to microsoft-365-dke/src/unbound-key-store/appsettings.Development.json diff --git a/microsoft-365-dke/src/unbound-key-store/appsettings.json b/microsoft-365-dke/src/unbound-key-store/appsettings.json new file mode 100644 index 0000000..b5ce2df --- /dev/null +++ b/microsoft-365-dke/src/unbound-key-store/appsettings.json @@ -0,0 +1,18 @@ +{ + "AzureAd": { + "ClientId": "b5ce53be-8c41-428c-b32e-1b237c2d95c0", + "TenantId": "common", + "Authority": "https://login.microsoftonline.com/common/v2.0", + "TokenValidationParameters": { + "ValidIssuers": [ + "https://sts.windows.net/c34dbcdb-ac5e-4da6-a829-00a979e1ff89/" + ] + } + }, + + "AllowedHosts": "*", + "JwtAudience": "https://dkev4.azurewebsites.net/", + "JwtAuthorization": "https://login.windows.net/common/oauth2/authorize" + + +} 
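Review bot: The new appsettings.json commits one deployment's identity settings (a concrete `ClientId`, a single tenant under `ValidIssuers`, and `JwtAudience` set to `https://dkev4.azurewebsites.net/`) while `"AllowedHosts": "*"` turns host filtering off. A deployment that keeps these defaults would presumably validate tokens against someone else's audience and issuer, and in this patch `GetPublicKey` builds `KeyId` from the request URI, so an unfiltered Host header can end up in the published key URL. JSON has no comment syntax, so ship placeholders instead, e.g. `"JwtAudience": "https://<your-key-store-host>/"` and `"AllowedHosts": "<your-key-store-host>"`, and describe the required values in the README.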
diff --git a/microsoft-365-dke/src/customer-key-store/root@127.0.0.1 b/microsoft-365-dke/src/unbound-key-store/root@127.0.0.1 similarity index 100% rename from microsoft-365-dke/src/customer-key-store/root@127.0.0.1 rename to microsoft-365-dke/src/unbound-key-store/root@127.0.0.1 diff --git a/microsoft-365-dke/src/customer-key-store/customerkeystore.csproj b/microsoft-365-dke/src/unbound-key-store/unboundkeystore.csproj similarity index 100% rename from microsoft-365-dke/src/customer-key-store/customerkeystore.csproj rename to microsoft-365-dke/src/unbound-key-store/unboundkeystore.csproj From 2ab3b545100b47a00337e6a5ad3677ea853f176e Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 09:30:21 +0300 Subject: [PATCH 02/14] fix issues --- microsoft-365-dke/README.md | 16 +++++++++++++--- .../{ => data}/create_client_template.sh | 0 .../docker/{ => data}/create_partition.sh | 0 .../docker/{ => data}/register_new_client.sh | 0 .../register_new_client_ephemeral.sh | 0 microsoft-365-dke/docker/{ => data}/start.sh | 0 .../wait_for_ukc_cluster_to_start.sh | 0 microsoft-365-dke/docker/run_encrypt_demo.sh | 4 ---- .../src/unbound-key-store/Models/KeyManager.cs | 17 +++++------------ .../src/unbound-key-store/root@127.0.0.1 | Bin 336 -> 0 bytes 10 files changed, 18 insertions(+), 19 deletions(-) rename microsoft-365-dke/docker/{ => data}/create_client_template.sh (100%) rename microsoft-365-dke/docker/{ => data}/create_partition.sh (100%) rename microsoft-365-dke/docker/{ => data}/register_new_client.sh (100%) rename microsoft-365-dke/docker/{ => data}/register_new_client_ephemeral.sh (100%) rename microsoft-365-dke/docker/{ => data}/start.sh (100%) rename microsoft-365-dke/docker/{ => data}/wait_for_ukc_cluster_to_start.sh (100%) delete mode 100644 microsoft-365-dke/docker/run_encrypt_demo.sh delete mode 100644 microsoft-365-dke/src/unbound-key-store/root@127.0.0.1 diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 6c84c07..2e241c7 100644 
--- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md @@ -17,10 +17,20 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption 1. Goto azure portal -> App Services -> Create 2. Select your subscription and resource group and define the following instance details: -Runtime stack -> Net Core 3.1 +Publish ->Docker container Operation System -> Linux -3. At the bottom of the page, select Review + create, and then select Add. -4. goto Configuration -> general setttings -> under Startup Command enter "/home/site/wwwroot/data/start.sh" +3. At the bottom of the page, select Next: Docker +4. Fill with the following details: + Image Source -> Docker Hub + Access type -> public + Image and tag -> unboundukc/ms-dke-service:latest + 5. Click on Review + create button . +4. goto Configuration -> Application setttings -> add the following application settings: + a. EP_HOST_NAME - EP server name. + b. UKC_PARTITION - UKC partition name. + c. UKC_PASSWORD - The password used to login with 'so' user for the selected partition. + d. UKC_SERVER_IP - UKC server ip. + e. UKC_SO_PASSWORD - UKC so password. # Register your app service diff --git a/microsoft-365-dke/docker/create_client_template.sh b/microsoft-365-dke/docker/data/create_client_template.sh similarity index 100% rename from microsoft-365-dke/docker/create_client_template.sh rename to microsoft-365-dke/docker/data/create_client_template.sh diff --git a/microsoft-365-dke/docker/create_partition.sh b/microsoft-365-dke/docker/data/create_partition.sh similarity index 100% rename from microsoft-365-dke/docker/create_partition.sh rename to microsoft-365-dke/docker/data/create_partition.sh diff --git a/microsoft-365-dke/docker/register_new_client.sh b/microsoft-365-dke/docker/data/register_new_client.sh similarity index 100% rename from microsoft-365-dke/docker/register_new_client.sh rename to microsoft-365-dke/docker/data/register_new_client.sh 
diff --git a/microsoft-365-dke/docker/register_new_client_ephemeral.sh b/microsoft-365-dke/docker/data/register_new_client_ephemeral.sh similarity index 100% rename from microsoft-365-dke/docker/register_new_client_ephemeral.sh rename to microsoft-365-dke/docker/data/register_new_client_ephemeral.sh diff --git a/microsoft-365-dke/docker/start.sh b/microsoft-365-dke/docker/data/start.sh similarity index 100% rename from microsoft-365-dke/docker/start.sh rename to microsoft-365-dke/docker/data/start.sh diff --git a/microsoft-365-dke/docker/wait_for_ukc_cluster_to_start.sh b/microsoft-365-dke/docker/data/wait_for_ukc_cluster_to_start.sh similarity index 100% rename from microsoft-365-dke/docker/wait_for_ukc_cluster_to_start.sh rename to microsoft-365-dke/docker/data/wait_for_ukc_cluster_to_start.sh diff --git a/microsoft-365-dke/docker/run_encrypt_demo.sh b/microsoft-365-dke/docker/run_encrypt_demo.sh deleted file mode 100644 index 85497ff..0000000 --- a/microsoft-365-dke/docker/run_encrypt_demo.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -echo "Running the Java Encrypt demo" -javac -cp "/usr/lib/ekm-java-9-provider-2.0.jar:/usr/lib/ekm-java-utils.jar" /root/demo/com/unbound/samples/encrypt/*.java -java -Djava.library.path=/usr/lib64/:/usr/lib/ekm-java-9-provider-2.0.jar:/usr/lib/ekm-java-utils.jar:/usr/lib64/**/*.jar -cp /root/demo:/usr/lib/ekm-java-9-provider-2.0.jar:/usr/lib/ekm-java-utils.jar com.unbound.samples.encrypt.Main \ No newline at end of file diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index 42fef82..df24bdc 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs @@ -15,6 +15,7 @@ namespace Microsoft.InformationProtection.Web.Models public class KeyManager { private readonly ILogger _logger; + public KeyManager(ILogger logger) { _logger = logger; 
@@ -23,6 +24,7 @@ public KeyManager(ILogger logger) public KeyData GetPublicKey(Uri requestUri, string keyName) { _logger.LogInformation("get public key : " + keyName ); + //requestUri.ThrowIfNull(nameof(requestUri)); keyName.ThrowIfNull(nameof(keyName)); PublicKeyCache cache = null; @@ -63,12 +65,8 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) string nStrBase64 = Convert.ToBase64String((byte[])n.pValue); var KeyId = Convert.ToString((long)privateKeyUid.pValue,16); var publicKey = new PublicKey(nStrBase64,65537); - publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; - string keyUrl = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; - if(!publicKey.KeyId.Contains("https")) - { - publicKey.KeyId = publicKey.KeyId.Replace("http","https"); - } + string websiteHostName = System.Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME"); + publicKey.KeyId = "https://" + websiteHostName + "/" + KeyId; publicKey.KeyType = "RSA"; publicKey.Algorithm = "RS256"; @@ -79,7 +77,6 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData) { _logger.LogInformation("decrypt called from key manager class for keyName : " + keyName + " and keyID : " + keyId ); - Console.WriteLine("decrypt called"); user.ThrowIfNull(nameof(user)); keyName.ThrowIfNull(nameof(keyName)); keyId.ThrowIfNull(nameof(keyId)); @@ -120,7 +117,6 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, byte[] plainData = Convert.FromBase64String(encryptedData.Value); - Console.WriteLine("Set RSA padding params"); CK_RSA_PKCS_OAEP_PARAMS oaepParams = new CK_RSA_PKCS_OAEP_PARAMS(); oaepParams.hashAlg = CK.CKM_SHA256; oaepParams.mgf = CK.CKG_MGF1_SHA256; 
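Review bot: In the KeyId hunk of GetPublicKey (@@ -63,12 +65,8), `websiteHostName` is read from WEBSITE_HOSTNAME and concatenated into `publicKey.KeyId` with no check, so when the variable is unset the service returns a key id of the form `https:///<id>` instead of failing. A guard directly after the read makes the misconfiguration visible: `if (string.IsNullOrEmpty(websiteHostName)) throw new InvalidOperationException("WEBSITE_HOSTNAME is not set");`. The later "fix to kid" hunk (@@ -65,7 +65,7) builds the id from the same unchecked value. Taking the host from deployment configuration rather than from the request URL looks like the safer direction, since the published key id presumably no longer follows a caller-supplied Host header; a short comment stating that intent would help keep it from being reverted. GetPublicKey starts and ends outside the hunk.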
@@ -129,10 +125,7 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, Library.C_DecryptInit(session, mech_rsa, foundKeyHandles[0]); byte[] decrypted = Library.C_Decrypt(session, plainData); - return new DecryptedData(Convert.ToBase64String(decrypted)); - - _logger.LogInformation("Faild to decrypt"); - throw new Exception("Faild to decrypt"); + return new DecryptedData(Convert.ToBase64String(decrypted)); } } } \ No newline at end of file diff --git a/microsoft-365-dke/src/unbound-key-store/root@127.0.0.1 b/microsoft-365-dke/src/unbound-key-store/root@127.0.0.1 deleted file mode 100644 index 76b94452ecd0082bff598915bad7fb1d7ee00117..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 336 zcmWIWW@h1H0D(1uhl9WjC=tsb!%&`IlwDkqn4DUy?~-4dl#}Y6TIrgXTvS<5l9`_u zoLW?tnVhO$T$HSzTv}X`pPO2wo1I#z3uG3h>L+F9>AR#Rm8R?GrIsWEMG^}NjP(rl z3xEb?7H8;(hHx@4yR6=k0K%me+zgB?AgjSdfHxzP95XJ5NkE+_!0^@)#H6t^Ss~8E Ta3U)k$Z|#?TnwbAgE$NT!0K9I From 0ad722fb62674b7a8786e331918fdf154d900cba Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 10:31:11 +0300 Subject: [PATCH 03/14] fixes --- .../src/unbound-key-store/Models/KeyManager.cs | 3 +-- .../src/unbound-key-store/Models/PublicKey.cs | 15 +-------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index df24bdc..b184f27 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs @@ -27,7 +27,6 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) //requestUri.ThrowIfNull(nameof(requestUri)); keyName.ThrowIfNull(nameof(keyName)); - PublicKeyCache cache = null; //use ukc to search the key byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName); 
@@ -70,7 +69,7 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) publicKey.KeyType = "RSA"; publicKey.Algorithm = "RS256"; - return new KeyData(publicKey, cache); + return new KeyData(publicKey); } diff --git a/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs b/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs index 2d270cb..de19716 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs @@ -6,17 +6,14 @@ namespace Microsoft.InformationProtection.Web.Models //Changing the returned data can break consuming clients public class KeyData { - public KeyData(PublicKey key, PublicKeyCache cache) + public KeyData(PublicKey key) { this.Key = key; - this.Cache = cache; } [Newtonsoft.Json.JsonProperty("key")] public PublicKey Key { get; private set; } - [Newtonsoft.Json.JsonProperty("cache", NullValueHandling=Newtonsoft.Json.NullValueHandling.Ignore)] - public PublicKeyCache Cache { get; private set; } } public class PublicKey @@ -42,14 +39,4 @@ public PublicKey(string modulus, uint exponent) public string KeyId { get; set; } } - public class PublicKeyCache - { - public PublicKeyCache(string expiration) - { - this.Expiration = expiration; - } - - [Newtonsoft.Json.JsonProperty("exp")] - public string Expiration { get; private set; } - } } From 37412b8e654e5d1d7643b6382ace40736b7a3fd4 Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 11:16:44 +0300 Subject: [PATCH 04/14] fix to kid --- microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index b184f27..63acf36 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs 
@@ -65,7 +65,7 @@ public KeyData GetPublicKey(Uri requestUri, string keyName) var KeyId = Convert.ToString((long)privateKeyUid.pValue,16); var publicKey = new PublicKey(nStrBase64,65537); string websiteHostName = System.Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME"); - publicKey.KeyId = "https://" + websiteHostName + "/" + KeyId; + publicKey.KeyId = "https://" + websiteHostName + "/" + keyName + "/" + KeyId; publicKey.KeyType = "RSA"; publicKey.Algorithm = "RS256"; From bab3fe543f0f9bbba4fc871873014a21dfe13942 Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:00:57 +0300 Subject: [PATCH 05/14] fixes --- microsoft-365-dke/README.md | 138 ++++++++++++------ microsoft-365-dke/docker/data/start.sh | 18 ++- .../Controllers/KeysController.cs | 6 +- .../unbound-key-store/Models/Authorizer.cs | 2 +- .../unbound-key-store/Models/DecryptedData.cs | 2 +- .../Models/EmailAuthorizer.cs | 4 +- .../unbound-key-store/Models/EncryptedData.cs | 2 +- .../src/unbound-key-store/Models/Key.cs | 2 +- .../src/unbound-key-store/Models/KeyData.cs | 2 +- .../unbound-key-store/Models/KeyManager.cs | 4 +- .../src/unbound-key-store/Models/KeyStore.cs | 2 +- .../src/unbound-key-store/Models/PublicKey.cs | 2 +- .../Models/RoleAuthorizer.cs | 4 +- .../unbound-key-store/Models/extensions.cs | 2 +- .../src/unbound-key-store/Startup.cs | 2 +- 15 files changed, 126 insertions(+), 66 deletions(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 2e241c7..e80550f 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md 
@@ -3,15 +3,26 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption # Prerequisites -1. Make sure you have permissions to access Microsoft azure portal, and also can click the create new app service and create new app registration buttons. link: https://portal.azure.com/ +1. Make sure you can access [Microsoft azure portal](https://portal.azure.com/), and have the following permmisions: + + a. Create new app service. -2. Make sure you have permission to access Microsoft 365 compliance and you can click the create new label button : https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels + b. Create new app registration. -3. make sure you have Microsoft 365 E5 license. + b. Create new app service. + +2. Make sure you can access access [Microsoft 365 compliance](https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels) and you have the following permmisions: + + a. Create new label. + + b. publish a label. + +3. Make sure you have Microsoft 365 E5 license. 4. From UKC server: - a. create a partition "test" - b. create an RSA key in partition "test" with the following command : ucl generate -t RSA -n -p test. + + a. Create a partition name "test". + b. Create an RSA key in partition "test" using the following command : ucl generate -t RSA -n -p test. # Create new app service in azure portal 
@@ -24,13 +35,54 @@ Operation System -> Linux Image Source -> Docker Hub Access type -> public Image and tag -> unboundukc/ms-dke-service:latest - 5. Click on Review + create button . -4. goto Configuration -> Application setttings -> add the following application settings: - a. EP_HOST_NAME - EP server name. - b. UKC_PARTITION - UKC partition name. - c. UKC_PASSWORD - The password used to login with 'so' user for the selected partition. - d. UKC_SERVER_IP - UKC server ip. - e. UKC_SO_PASSWORD - UKC so password. + 5. Click on Review + create button . + 6. Wait for the deployment to finish and then click "Go to resource". + 7. On the sidebar click on Configuration -> Application setttings -> "Advanced edit" button -> add the following application settings to the json: + + a. EP_HOST_NAME - EP server name. + + b. UKC_PARTITION - UKC partition name. + + c. UKC_PASSWORD - The password used to login with 'so' user for the selected partition. + + d. UKC_SERVER_IP - UKC server ip. + + e. UKC_SO_PASSWORD - UKC so password. + + For example: + + ....... + { + "name": "EP_HOST_NAME", + "value": "ep1", + "slotSetting": false + }, + { + "name": "UKC_PARTITION", + "value": "test", + "slotSetting": false + }, + { + "name": "UKC_PASSWORD", + "value": "Unbound1!", + "slotSetting": false + }, + { + "name": "UKC_SERVER_IP", + "value": "54.174.121.27", + "slotSetting": false + }, + { + "name": "UKC_SO_PASSWORD", + "value": "Unbound1!", + "slotSetting": false + } + ......... + + + Alterntavly, you can add them manually by clicking the "New application settings" button. + + NOTE: Click save at top of the page when you done. # Register your app service 
@@ -54,15 +106,14 @@ If you're using Microsoft Azure with a non-custom domain, such as onmicrosoft.co For example: https://unbound-dke.azurewebsites.net -The URL you enter must match the hostname where your DKE service is deployed. - the scheme must be https. +The URL you enter must match the hostname where your DKE service is deployed and the scheme must be https. Ensure the hostname exactly matches your App Service hostname. 9. Under Implicit grant, select the ID tokens checkbox. -10. Select Save to save your changes. +10. Select Configure button when done. -11. On the left pane, select Expose an API, then next to Application ID URI, select Set. +11. On the left pane, select Expose an API, then next to Application ID URI, select Set and Save. 12. Still on the Expose an API page, in the Scopes defined by this API area, select Add a scope. In the new scope: @@ -74,8 +125,6 @@ Ensure the hostname exactly matches your App Service hostname. d. Select Add scope. - e. Select Save at the top to save your changes. - 13. Still on the Expose an API page, in the Authorized client applications area, select Add a client application. In the new client application: 
@@ -84,56 +133,51 @@ In the new client application: b. Under Authorized scopes, select the user_impersonation scope. - c. Select Add application. - - d. Select Save at the top to save your changes. + c. Select Add client application. Repeat these steps, but this time, define the client ID as c00e9d32-3c8d-4a7d-832b-029040e7db99. This value is the Azure Information Protection unified labeling client ID. -# Build the project - +# Create new label -3. open appsettings.json file - a. Locate the ValidIssuers setting and replace with your tenant ID. You can locate your tenant ID by going to the Azure portal and viewing the tenant properties. for example "https://sts.windows.net//" - b. Locate the JwtAudience setting and replace with the hostname of the machine where the DKE service will run - (you can view it on youre created app service page). for example https://unbound-dke-container.azurewebsites.net/ - c. locate the AuthorizedEmailAddress setting. - Add the email address or addresses that you want to authorize. Separate multiple email addresses with double quotes and commas. +1. Open [Microsoft 365 compliance](https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels) and click on the create new label button. -# publish the program to the app service -1. go to the program src folder and run: Dotnet publish +2. Fill the relevant details and click Next. -2. zip the created “publish” folder. For example: “publish.zip” +3. mark the "Files & emails" checkbox and click Next. -3. To create connection to your app service run : az webapp create-remote-connection --subscription '' --resource-group -n -For example : az webapp create-remote-connection --subscription 'c2727d11-526c-4244-8434-797dc6046f5e' --resource-group W_R -n "unbound-dkeV2" -then, ssh root@127.0.0.1 -p +4. Mark the "Encrypt files and emails" checkbox and click Next. -4. 
to publish the zip folder: az webapp deployment source config-zip --resource-group --name "" --src -For example: az webapp deployment source config-zip --resource-group W_R -n "unbound-dkeV2" --name "unbound-dkeV2" --src publish.zip +5. Chose the "Configure encryption settings radio button. -5. goto / and check if you see the key details. -for example: https://unbound-dke.azurewebsites.net/test1 +6. In the "Assign permissions now or let users decide?" dropdown Choose "assign permmision now". -# create new label +7. In the "Allow offline access" choose never. -1. open Microsoft 365 compliance and create new label. +8. Under "Assign permissions to specific users and groups", click assign permmisions-> choose and fill the relevant data. -2. mark the checkbox of “use double key encryption” and enter the app service url with the key you use fro encryption . For example : https://unbound-dkev2.azurewebsites.net/my_key +9. Mark the checkbox of “use double key encryption” and enter the app service url with the key you will use to encrypt/decrypt the files with . + For example : https://unbound-dke.azurewebsites.net/test1 and click Next. -3. choose the permmssion you like +10. Click the Next button 3 more times and then click Create label. # publish the label -1. open Microsoft 365 compliance and publish the labels created. +1. Open [Microsoft 365 compliance](https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabelpolicies) and click on the Publish label button. + +2. Click choose sesitivity labels to publish and choose the the created label. + +3. Click the Next button 5 times. + +4. Fill the relevant data and click Next. +5. Click the submit button. # How to use the created label with office app? -1. install Microsoft Azure Information Protection from here: Azure Information Protection +1. Install Microsoft Azure Information Protection from [here](https://www.microsoft.com/en-us/download/details.aspx?id=53018) -2. 
open an office app like word/excel… +2. Open an office app like word/excel… -3. choose sensitivity->choose your created label->edit the document->save. +3. Choose sensitivity->choose your created label->edit the document->save. # Instructions to run in dev container diff --git a/microsoft-365-dke/docker/data/start.sh b/microsoft-365-dke/docker/data/start.sh index 57cce3e..b4129f9 100644 --- a/microsoft-365-dke/docker/data/start.sh +++ b/microsoft-365-dke/docker/data/start.sh @@ -1,10 +1,26 @@ #!/bin/bash -set -x +set -e export PORT=8080 export ASPNETCORE_URLS=http://*:$PORT +echo "check if all needed application settings are set:" +required_vars=(EP_HOST_NAME UKC_PARTITION UKC_SO_PASSWORD UKC_PASSWORD UKC_SERVER_IP) + +missing_vars=() +for i in "${required_vars[@]}" +do + test -n "${!i:+y}" || missing_vars+=("$i") +done +if [ ${#missing_vars[@]} -ne 0 ] +then + echo "The following variables are not set, but should be:" >&2 + printf ' %q\n' "${missing_vars[@]}" >&2 + exit 1 +fi + + echo "servers=$EP_HOST_NAME">/etc/ekm/client.conf echo "$UKC_SERVER_IP ep1" >> /etc/hosts diff --git a/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs b/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs index b9f7f00..11cfb5b 100644 --- a/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs +++ b/microsoft-365-dke/src/unbound-key-store/Controllers/KeysController.cs 
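Review bot: In start.sh the new required-variable check validates EP_HOST_NAME, but the unchanged line below it still maps the server address to the literal name `ep1` (`echo "$UKC_SERVER_IP ep1" >> /etc/hosts`), so any EP_HOST_NAME other than `ep1` passes the check and then presumably fails to resolve. Writing the hosts entry from the variable keeps the two consistent: `echo "$UKC_SERVER_IP $EP_HOST_NAME" >> /etc/hosts`. Replacing `set -x` with `set -e` also stops the shell from tracing any later command that expands the UKC passwords, and a comment such as `# no 'set -x': tracing would print UKC_PASSWORD / UKC_SO_PASSWORD to the container log` would record why. The script continues past the end of the hunk.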
@@ -1,13 +1,13 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Controllers +namespace Unbound.Web.Controllers { using System; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http.Extensions; using Microsoft.AspNetCore.Mvc; - using ippw = Microsoft.InformationProtection.Web.Models; + using ippw = Unbound.Web.Models; //https://docs.microsoft.com/azure/active-directory/develop/scenario-protected-web-api-app-configuration public class KeysController : Controller { @@ -57,7 +57,7 @@ public IActionResult Decrypt(string keyName, string keyId, [FromBody] ippw.Encry } } - private static Uri GetRequestUri(AspNetCore.Http.HttpRequest request) + private static Uri GetRequestUri(Microsoft.AspNetCore.Http.HttpRequest request) { return new Uri(request.GetDisplayUrl()); } diff --git a/microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs index 4aafa5b..1e59351 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/Authorizer.cs @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { using System.Security.Claims; public interface IAuthorizer diff --git a/microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs b/microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs index 2639849..494d0e8 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/DecryptedData.cs 
@@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { //This class implements the format of data returned from the /decrypt API //Changes in the returned format will break consuming clients diff --git a/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs index a92a60c..b87a6c5 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/EmailAuthorizer.cs @@ -1,11 +1,11 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { using System.Collections.Generic; using System.Security.Claims; - using Microsoft.InformationProtection.Web.Models.Extensions; + using Unbound.Web.Models.Extensions; public class EmailAuthorizer : IAuthorizer { private const string EmailClaim = ClaimTypes.Email; diff --git a/microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs b/microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs index 7288a48..0c73b3f 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/EncryptedData.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { //This class implements the format of data accepted in the /decrypt API //Changes in the format will break consuming clients diff --git a/microsoft-365-dke/src/unbound-key-store/Models/Key.cs b/microsoft-365-dke/src/unbound-key-store/Models/Key.cs index 54ae239..155152c 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/Key.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/Key.cs 
@@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { public interface IKey { diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs index a97d81e..f89e005 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyData.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { public class KeyStoreData { diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index 63acf36..c56d35e 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs @@ -1,10 +1,10 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { using System; using System.Security.Claims; - using Microsoft.InformationProtection.Web.Models.Extensions; + using Unbound.Web.Models.Extensions; using sg = System.Globalization; using unbound.cryptoki; using System.Linq; diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs index 915dcfa..f72ef71 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyStore.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { public interface IKeyStore { 
diff --git a/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs b/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs index de19716..2279b8f 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/PublicKey.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { //The classes in this file implement the format of public key data returned for a key //Changing the returned data can break consuming clients diff --git a/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs b/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs index a2f0142..b23975d 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/RoleAuthorizer.cs @@ -1,12 +1,12 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models +namespace Unbound.Web.Models { using System.Collections.Generic; using System.DirectoryServices; using System.Security.Claims; using Microsoft.Extensions.Configuration; - using Microsoft.InformationProtection.Web.Models.Extensions; + using Unbound.Web.Models.Extensions; public class RoleAuthorizer : IAuthorizer { private const string SidClaim = "onprem_sid"; diff --git a/microsoft-365-dke/src/unbound-key-store/Models/extensions.cs b/microsoft-365-dke/src/unbound-key-store/Models/extensions.cs index d41c67b..3945d56 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/extensions.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/extensions.cs @@ -1,6 +1,6 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -namespace Microsoft.InformationProtection.Web.Models.Extensions +namespace Unbound.Web.Models.Extensions { public static class ExceptionExtensions { 
diff --git a/microsoft-365-dke/src/unbound-key-store/Startup.cs b/microsoft-365-dke/src/unbound-key-store/Startup.cs index b122567..d33270e 100644 --- a/microsoft-365-dke/src/unbound-key-store/Startup.cs +++ b/microsoft-365-dke/src/unbound-key-store/Startup.cs @@ -14,7 +14,7 @@ namespace UnboundKeyStore using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; - using ippw = Microsoft.InformationProtection.Web.Models; + using ippw = Unbound.Web.Models; public class Startup { From 4841198c3b513e0fbf355673762d9fc119b27f2d Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:07:38 +0300 Subject: [PATCH 06/14] readme fix --- microsoft-365-dke/README.md | 42 +++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index e80550f..67e24d6 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md 
@@ -3,41 +3,50 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption # Prerequisites -1. Make sure you can access [Microsoft azure portal](https://portal.azure.com/), and have the following permmisions: +1. Make sure you can access [Microsoft Azure portal](https://portal.azure.com/), and have the following permmisions: a. Create new app service. b. Create new app registration. - b. Create new app service. - 2. Make sure you can access access [Microsoft 365 compliance](https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels) and you have the following permmisions: a. Create new label. - b. publish a label. + b. Publish a label. 3. Make sure you have Microsoft 365 E5 license. 4. From UKC server: a. Create a partition name "test". + b. Create an RSA key in partition "test" using the following command : ucl generate -t RSA -n -p test. # Create new app service in azure portal -1. Goto azure portal -> App Services -> Create +1. Go to [Microsoft Azure portal](https://portal.azure.com/) -> App Services -> Create 2. Select your subscription and resource group and define the following instance details: -Publish ->Docker container -Operation System -> Linux + + Publish ->Docker container + + Operation System -> Linux + 3. At the bottom of the page, select Next: Docker + 4. Fill with the following details: + Image Source -> Docker Hub + Access type -> public + Image and tag -> unboundukc/ms-dke-service:latest - 5. Click on Review + create button . + + 5. Click on Review + create button. + 6. Wait for the deployment to finish and then click "Go to resource". - 7. On the sidebar click on Configuration -> Application setttings -> "Advanced edit" button -> add the following application settings to the json: + + 7. On the sidebar click on Configuration -> Application setttings -> "Advanced edit" button -> add the following application settings to the json : a. EP_HOST_NAME - EP server name. 
@@ -51,7 +60,7 @@ Operation System -> Linux For example: - ....... + ```....... { "name": "EP_HOST_NAME", "value": "ep1", @@ -77,7 +86,7 @@ Operation System -> Linux "value": "Unbound1!", "slotSetting": false } - ......... + .........``` Alterntavly, you can add them manually by clicking the "New application settings" button. @@ -86,7 +95,7 @@ Operation System -> Linux # Register your app service -1. In your browser, open the Microsoft Azure portal, and go to All Services > Identity > App Registrations. +1. In your browser, open the [Microsoft Azure portal](https://portal.azure.com/), and go to All Services > Identity > App Registrations. 2. Select New registration, and enter a meaningful name. @@ -143,7 +152,7 @@ Repeat these steps, but this time, define the client ID as c00e9d32-3c8d-4a7d-83 2. Fill the relevant details and click Next. -3. mark the "Files & emails" checkbox and click Next. +3. Mark the "Files & emails" checkbox and click Next. 4. Mark the "Encrypt files and emails" checkbox and click Next. @@ -178,10 +187,3 @@ Repeat these steps, but this time, define the client ID as c00e9d32-3c8d-4a7d-83 2. Open an office app like word/excel… 3. Choose sensitivity->choose your created label->edit the document->save. - -# Instructions to run in dev container - -1. open in devcontainer to build the container(or run the dockerFile) -2. build the project(run the build task) -3. start the program -4. navigate to https://localhost:5001/test1 From f82b273973c92da968290e4b911654b0351b3e1b Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:20:59 +0300 Subject: [PATCH 07/14] fix readme --- microsoft-365-dke/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 67e24d6..4e39af2 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md 
@@ -86,7 +86,8 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption "value": "Unbound1!", "slotSetting": false } - .........``` + ......... + ``` Alterntavly, you can add them manually by clicking the "New application settings" button. From 8e0c776f6f2042023b91ca271b9b63a51c9af78b Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:23:50 +0300 Subject: [PATCH 08/14] readme --- microsoft-365-dke/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 4e39af2..92efe40 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md @@ -60,7 +60,8 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption For example: - ```....... + ``` + { { "name": "EP_HOST_NAME", "value": "ep1", @@ -85,9 +86,9 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption "name": "UKC_SO_PASSWORD", "value": "Unbound1!", "slotSetting": false - } - ......... - ``` + } + } + ``` Alterntavly, you can add them manually by clicking the "New application settings" button. From 848d941ef613c92da306f7f302639e08010734a2 Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:27:53 +0300 Subject: [PATCH 09/14] readme --- microsoft-365-dke/docker/Dockerfile | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/microsoft-365-dke/docker/Dockerfile b/microsoft-365-dke/docker/Dockerfile index b4c4f6f..97926f9 100644 --- a/microsoft-365-dke/docker/Dockerfile +++ b/microsoft-365-dke/docker/Dockerfile 
@@ -22,17 +22,22 @@ RUN curl -LO# https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 mv jq /usr/bin RUN mkdir /root/data -COPY . /root/data - -ARG UKC_CLIENT_INSTALLER_URL -RUN echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \ - curl -O# "${UKC_CLIENT_INSTALLER_URL}"; \ - echo "Installing $(basename ${UKC_CLIENT_INSTALLER_URL})"; \ - sudo apt install $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ - rm $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ +COPY data /root/data + +# ARG UKC_CLIENT_INSTALLER_URL +# RUN echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \ +# curl -O# "${UKC_CLIENT_INSTALLER_URL}"; \ +# echo "Installing $(basename ${UKC_CLIENT_INSTALLER_URL})"; \ +# sudo apt install $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ +# rm $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ +# echo "UKC Client Installed successfully" + +######################################################################### +#TODO: REMOVE THIS +RUN sudo apt install /root/data/ekm_2.0.2103.39708.deb9_amd64.deb; \ + rm /root/data/ekm_2.0.2103.39708.deb9_amd64.deb; \ echo "UKC Client Installed successfully" - - +######################################################################### RUN chmod +x /root/data/*.sh; From 7ce835c00717dc9553f4d59bc427d2c9ee7fdef7 Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:28:03 +0300 Subject: [PATCH 10/14] readme --- microsoft-365-dke/README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 92efe40..8d2664e 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md @@ -60,8 +60,7 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption For example: - ``` - { + ```json { "name": "EP_HOST_NAME", "value": "ep1", 
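Review bot: The new `RUN sudo apt install /root/data/ekm_2.0.2103.39708.deb9_amd64.deb; \` step joins its commands with `;`, so a failed install still runs the `rm` and prints "UKC Client Installed successfully", and the build continues without the client. Joining the three commands with `&&` makes the build stop at the step that failed. Because `COPY data /root/data` places the package in an earlier layer, the `rm` here does not remove it from the image; copying only the scripts, or installing from a build stage, would avoid shipping it. The commented-out download block, restored by the later revert commit on this page, chains its commands with `;` in the same way.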
@@ -86,9 +85,9 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption "name": "UKC_SO_PASSWORD", "value": "Unbound1!", "slotSetting": false - } - } + } ``` + Alterntavly, you can add them manually by clicking the "New application settings" button. From 34b01ecf0b379afdef3205569aad57fdc2009707 Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:28:20 +0300 Subject: [PATCH 11/14] Revert "readme" This reverts commit 848d941ef613c92da306f7f302639e08010734a2. --- microsoft-365-dke/docker/Dockerfile | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/microsoft-365-dke/docker/Dockerfile b/microsoft-365-dke/docker/Dockerfile index 97926f9..b4c4f6f 100644 --- a/microsoft-365-dke/docker/Dockerfile +++ b/microsoft-365-dke/docker/Dockerfile 
@@ -22,22 +22,17 @@ RUN curl -LO# https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 mv jq /usr/bin RUN mkdir /root/data -COPY data /root/data - -# ARG UKC_CLIENT_INSTALLER_URL -# RUN echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \ -# curl -O# "${UKC_CLIENT_INSTALLER_URL}"; \ -# echo "Installing $(basename ${UKC_CLIENT_INSTALLER_URL})"; \ -# sudo apt install $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ -# rm $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ -# echo "UKC Client Installed successfully" - -######################################################################### -#TODO: REMOVE THIS -RUN sudo apt install /root/data/ekm_2.0.2103.39708.deb9_amd64.deb; \ - rm /root/data/ekm_2.0.2103.39708.deb9_amd64.deb; \ +COPY . /root/data + +ARG UKC_CLIENT_INSTALLER_URL +RUN echo "Downloading ${UKC_CLIENT_INSTALLER_URL}"; \ + curl -O# "${UKC_CLIENT_INSTALLER_URL}"; \ + echo "Installing $(basename ${UKC_CLIENT_INSTALLER_URL})"; \ + sudo apt install $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ + rm $(basename "${UKC_CLIENT_INSTALLER_URL}"); \ echo "UKC Client Installed successfully" -######################################################################### + + RUN chmod +x /root/data/*.sh; From 964caf03c51a353b8556221327957d02c690145d Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:38:45 +0300 Subject: [PATCH 12/14] readme --- microsoft-365-dke/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 8d2664e..212b186 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md @@ -60,7 +60,6 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption For example: - ```json { "name": "EP_HOST_NAME", "value": "ep1", @@ -86,7 +85,7 @@ https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption "value": "Unbound1!", "slotSetting": false } - ``` + 
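Review bot: The installer restored by this revert is downloaded from the `UKC_CLIENT_INSTALLER_URL` build argument and passed straight to `sudo apt install` with no integrity check, so whatever that URL serves at build time is installed as root in the image. Pin the expected digest next to the URL and verify it between the `curl` and `apt` steps, for example with a new build argument (name is a suggestion): `ARG UKC_CLIENT_INSTALLER_SHA256` and `echo "${UKC_CLIENT_INSTALLER_SHA256}  $(basename "${UKC_CLIENT_INSTALLER_URL}")" | sha256sum -c - && \`. The check only stops the build if the steps around it are chained with `&&` rather than `;`. A short comment above the `ARG` stating where the package and its published checksum come from would help whoever bumps the version next.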
From 996ae7fa94e998b3589531272b5f2a276c063cac Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:43:49 +0300 Subject: [PATCH 13/14] readme --- microsoft-365-dke/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microsoft-365-dke/README.md b/microsoft-365-dke/README.md index 212b186..e8fe871 100644 --- a/microsoft-365-dke/README.md +++ b/microsoft-365-dke/README.md @@ -169,7 +169,7 @@ Repeat these steps, but this time, define the client ID as c00e9d32-3c8d-4a7d-83 10. Click the Next button 3 more times and then click Create label. -# publish the label +# Publish the label 1. Open [Microsoft 365 compliance](https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabelpolicies) and click on the Publish label button. From 9ff18827597d1426c87ecdf721634be64ff1bdba Mon Sep 17 00:00:00 2001 From: mdvir Date: Sun, 25 Jul 2021 15:48:09 +0300 Subject: [PATCH 14/14] fix --- microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs index c56d35e..cfc017b 100644 --- a/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs +++ b/microsoft-365-dke/src/unbound-key-store/Models/KeyManager.cs @@ -112,7 +112,7 @@ public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, if(foundKeyHandles.Length == 0) throw new Exception("key" + keyName + " not found"); - _logger.LogInformation("encryptedData.Value = " + encryptedData.Value); + //_logger.LogInformation("encryptedData.Value = " + encryptedData.Value); byte[] plainData = Convert.FromBase64String(encryptedData.Value);
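Review bot: The `_logger.LogInformation("encryptedData.Value = " + encryptedData.Value);` call in `Decrypt` is commented out rather than deleted, so a payload-logging statement remains in the key store's decrypt path and can be re-enabled by removing two characters. Delete the line. If a trace is still wanted, log only request metadata, e.g. `_logger.LogDebug("Decrypt request for key {KeyName}", keyName);`. The commit subject ("fix") would be more useful if it said that request payloads are no longer written to the information log. `Decrypt` starts before this hunk and continues after it.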