datalust · KodrAus · Mar 1, 2024 · Mar 1, 2024 · Mar 1, 2024 · Mar 1, 2024
diff --git a/src/SeqCli/Cli/Commands/Forwarder/InstallCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/InstallCommand.cs
@@ -22,13 +22,13 @@
 using System.ServiceProcess;
 using System.Threading.Tasks;
 using Seq.Forwarder.Cli.Features;
-using Seq.Forwarder.ServiceProcess;
 using Seq.Forwarder.Util;
 using SeqCli;
 using SeqCli.Cli;
 using SeqCli.Cli.Features;
 using SeqCli.Config;
 using SeqCli.Config.Forwarder;
+using SeqCli.Forwarder.ServiceProcess;
 using SeqCli.Forwarder.Util;
 
 // ReSharper disable once ClassNeverInstantiated.Global
@@ -97,13 +97,13 @@ int Setup()
             {
                 Console.WriteLine("Checking the status of the Seq Forwarder service...");
 
-                controller = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                controller = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
                 Console.WriteLine("Status is {0}", controller.Status);
             }
             catch (InvalidOperationException)
             {
                 Install();
-                var controller2 = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                var controller2 = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
                 return Start(controller2);
             }
 
@@ -219,7 +219,7 @@ void Install()
 
             var binPath = forwarderRunCmdline.Replace("\"", "\\\"");
 
-            var scCmdline = "create \"" + SeqForwarderWindowsService.WindowsServiceName + "\"" +
+            var scCmdline = "create \"" + SeqCliForwarderWindowsService.WindowsServiceName + "\"" +
                             " binPath= \"" + binPath + "\"" +
                             " start= auto" +
                             " depend= Winmgmt/Tcpip/CryptSvc";
@@ -234,10 +234,10 @@ void Install()
             }
 
             Console.WriteLine("Setting service restart policy...");
-            if (0 != CaptiveProcess.Run(sc, $"failure \"{SeqForwarderWindowsService.WindowsServiceName}\" actions= restart/60000/restart/60000/restart/60000// reset= 600000", Console.WriteLine, Console.WriteLine))
+            if (0 != CaptiveProcess.Run(sc, $"failure \"{SeqCliForwarderWindowsService.WindowsServiceName}\" actions= restart/60000/restart/60000/restart/60000// reset= 600000", Console.WriteLine, Console.WriteLine))
                 Console.WriteLine("Could not set service restart policy; ignoring");
             Console.WriteLine("Setting service description...");
-            if (0 != CaptiveProcess.Run(sc, $"description \"{SeqForwarderWindowsService.WindowsServiceName}\" \"Durable storage and forwarding of application log events\"", Console.WriteLine, Console.WriteLine))
+            if (0 != CaptiveProcess.Run(sc, $"description \"{SeqCliForwarderWindowsService.WindowsServiceName}\" \"Durable storage and forwarding of application log events\"", Console.WriteLine, Console.WriteLine))
                 Console.WriteLine("Could not set service description; ignoring");
 
             Console.WriteLine("Service installed successfully.");

diff --git a/src/SeqCli/Cli/Commands/Forwarder/RestartCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/RestartCommand.cs
@@ -19,8 +19,8 @@
 using System.IO;
 using System.ServiceProcess;
 using System.Threading.Tasks;
-using Seq.Forwarder.ServiceProcess;
 using SeqCli.Cli;
+using SeqCli.Forwarder.ServiceProcess;
 
 // ReSharper disable UnusedType.Global
 
@@ -34,7 +34,7 @@ protected override Task<int> Run()
         {
             try
             {
-                var controller = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                var controller = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
 
                 if (controller.Status != ServiceControllerStatus.Stopped)
                 {

diff --git a/src/SeqCli/Cli/Commands/Forwarder/RunCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/RunCommand.cs
@@ -33,6 +33,10 @@
 using Serilog.Events;
 using Serilog.Formatting.Compact;
 
+#if WINDOWS
+using SeqCli.Forwarder.ServiceProcess;
+#endif
+
 // ReSharper disable UnusedType.Global
 
 namespace SeqCli.Cli.Commands.Forwarder;
@@ -170,7 +174,7 @@ static int RunService(ServerService service)
     {
 #if WINDOWS
             System.ServiceProcess.ServiceBase.Run([
-                new SeqForwarderWindowsService(service)
+                new SeqCliForwarderWindowsService(service)
             ]);
             return 0;
 #else

diff --git a/src/SeqCli/Cli/Commands/Forwarder/StartCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/StartCommand.cs
@@ -19,8 +19,8 @@
 using System.IO;
 using System.ServiceProcess;
 using System.Threading.Tasks;
-using Seq.Forwarder.ServiceProcess;
 using SeqCli.Cli;
+using SeqCli.Forwarder.ServiceProcess;
 
 namespace Seq.Forwarder.Cli.Commands
 {
@@ -32,7 +32,7 @@ protected override Task<int> Run()
         {
             try
             {
-                var controller = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                var controller = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
                 if (controller.Status != ServiceControllerStatus.Stopped)
                 {
                     Console.WriteLine("Cannot start {0}, current status is: {1}", controller.ServiceName, controller.Status);

diff --git a/src/SeqCli/Cli/Commands/Forwarder/StatusCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/StatusCommand.cs
@@ -19,8 +19,8 @@
 using System.IO;
 using System.ServiceProcess;
 using System.Threading.Tasks;
-using Seq.Forwarder.ServiceProcess;
 using SeqCli.Cli;
+using SeqCli.Forwarder.ServiceProcess;
 
 namespace Seq.Forwarder.Cli.Commands
 {
@@ -32,7 +32,7 @@ protected override Task<int> Run()
         {
             try
             {
-                var controller = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                var controller = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
                 Console.WriteLine("The Seq Forwarder service is installed and {0}.", controller.Status.ToString().ToLowerInvariant());
             }
             catch (InvalidOperationException)

diff --git a/src/SeqCli/Cli/Commands/Forwarder/StopCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/StopCommand.cs
@@ -19,8 +19,8 @@
 using System.IO;
 using System.ServiceProcess;
 using System.Threading.Tasks;
-using Seq.Forwarder.ServiceProcess;
 using SeqCli.Cli;
+using SeqCli.Forwarder.ServiceProcess;
 
 namespace Seq.Forwarder.Cli.Commands
 {
@@ -32,7 +32,7 @@ protected override Task<int> Run()
         {
             try
             {
-                var controller = new ServiceController(SeqForwarderWindowsService.WindowsServiceName);
+                var controller = new ServiceController(SeqCliForwarderWindowsService.WindowsServiceName);
 
                 if (controller.Status != ServiceControllerStatus.Running)
                 {

diff --git a/src/SeqCli/Cli/Commands/Forwarder/UninstallCommand.cs b/src/SeqCli/Cli/Commands/Forwarder/UninstallCommand.cs
@@ -17,9 +17,9 @@
 using System; 
 using System.IO;
 using System.Threading.Tasks;
-using Seq.Forwarder.ServiceProcess;
 using Seq.Forwarder.Util;
 using SeqCli.Cli;
+using SeqCli.Forwarder.ServiceProcess;
 using SeqCli.Forwarder.Util;
 
 namespace Seq.Forwarder.Cli.Commands
@@ -34,7 +34,7 @@ protected override Task<int> Run()
                 Console.WriteLine("Uninstalling service...");
 
                 var sc = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.System), "sc.exe");
-                var exitCode = CaptiveProcess.Run(sc, $"delete \"{SeqForwarderWindowsService.WindowsServiceName}\"", Console.WriteLine, Console.WriteLine);
+                var exitCode = CaptiveProcess.Run(sc, $"delete \"{SeqCliForwarderWindowsService.WindowsServiceName}\"", Console.WriteLine, Console.WriteLine);
                 if (exitCode != 0)
                     throw new InvalidOperationException($"The `sc.exe delete` call failed with exit code {exitCode}.");
 

diff --git a/src/SeqCli/Cli/Commands/Profile/CreateCommand.cs b/src/SeqCli/Cli/Commands/Profile/CreateCommand.cs
@@ -49,7 +49,9 @@ int RunSync()
         try
         {
             var config = SeqCliConfig.Read();
-            config.Profiles[_name] = new ConnectionConfig { ServerUrl = _url, ApiKey = _apiKey };
+            var connectionConfig = new ConnectionConfig { ServerUrl = _url };
+            connectionConfig.EncodeApiKey(_apiKey, config.Encryption.DataProtector());
+            config.Profiles[_name] = connectionConfig;
             SeqCliConfig.Write(config);
             return 0;
         }

diff --git a/src/SeqCli/Cli/Features/StoragePathFeature.cs b/src/SeqCli/Cli/Features/StoragePathFeature.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using SeqCli.Forwarder.ServiceProcess;
 
 namespace SeqCli.Cli.Features;
 
@@ -49,7 +50,7 @@ static string GetDefaultStorageRoot()
     {
 #if WINDOWS
         if (Seq.Forwarder.Util.ServiceConfiguration.GetServiceStoragePath(
-            Seq.Forwarder.ServiceProcess.SeqForwarderWindowsService.WindowsServiceName, out var storage))
+            SeqCliForwarderWindowsService.WindowsServiceName, out var storage))
             return storage;
 #endif
 

diff --git a/src/SeqCli/Config/ConnectionConfig.cs b/src/SeqCli/Config/ConnectionConfig.cs
@@ -13,8 +13,9 @@
 // limitations under the License.
 
 using System;
+using System.Text;
 using Newtonsoft.Json;
-using SeqCli.Forwarder.Cryptography;
+using SeqCli.Encryptor;
 using SeqCli.Util;
 
 namespace SeqCli.Config;
@@ -23,47 +24,37 @@ public class ConnectionConfig
 {
     const string ProtectedDataPrefix = "pd.";
 
+    static readonly Encoding ProtectedDataEncoding = new UTF8Encoding(false);
+
     public string ServerUrl { get; set; } = "http://localhost:5341";
 
     [JsonProperty("apiKey")]
     public string? EncodedApiKey { get; set; }
 
-    [JsonIgnore]
-    public string? ApiKey
+    public string? DecodeApiKey(IDataProtector dataProtector)
     {
-        get
-        {
-            if (string.IsNullOrWhiteSpace(EncodedApiKey))
-                return null;
-
-            if (!OperatingSystem.IsWindows())
-                return EncodedApiKey;
+        if (string.IsNullOrWhiteSpace(EncodedApiKey))
+            return null;
+
+        if (!EncodedApiKey.StartsWith(ProtectedDataPrefix))
+            return EncodedApiKey;
 
-            if (!EncodedApiKey.StartsWith(ProtectedDataPrefix))
-                return EncodedApiKey;
+        return ProtectedDataEncoding.GetString(dataProtector.Decrypt(Convert.FromBase64String(EncodedApiKey[ProtectedDataPrefix.Length..])));
+    }
 
-            return UserScopeDataProtection.Unprotect(EncodedApiKey.Substring(ProtectedDataPrefix.Length));
-        }
-        set
+    public void EncodeApiKey(string? apiKey, IDataProtector dataProtector)
+    {
+        if (apiKey == null)
         {
-            if (string.IsNullOrWhiteSpace(value))
-            {
-                EncodedApiKey = null;
-                return;
-            }
-
-            if (OperatingSystem.IsWindows())
-                EncodedApiKey = $"{ProtectedDataPrefix}{UserScopeDataProtection.Protect(value)}";
-            else
-                EncodedApiKey = value;
+            EncodedApiKey = null;
+            return;
         }
-    }
 
-    public string? GetApiKey(IStringDataProtector dataProtector)
-    {
-        throw new NotImplementedException();
+        var encoded = dataProtector.Encrypt(ProtectedDataEncoding.GetBytes(apiKey));
+
+        EncodedApiKey = $"{ProtectedDataPrefix}{Convert.ToBase64String(encoded)}";
     }
-    
+
     public uint? PooledConnectionLifetimeMilliseconds { get; set; } = null;
     public ulong EventBodyLimitBytes { get; set; } = 256 * 1024;
     public ulong PayloadLimitBytes { get; set; } = 10 * 1024 * 1024;

diff --git a/src/SeqCli/Config/SeqCliConfig.cs b/src/SeqCli/Config/SeqCliConfig.cs
@@ -57,7 +57,7 @@ public static void Write(SeqCliConfig data)
     public ConnectionConfig Connection { get; set; } = new();
     public OutputConfig Output { get; set; } = new();
     public ForwarderConfig Forwarder { get; set; } = new();
-    public SeqCliEncryptionProviderConfig EncryptionProviderProvider { get; set; } = new SeqCliEncryptionProviderConfig();
+    public SeqCliEncryptionProviderConfig Encryption { get; set; } = new SeqCliEncryptionProviderConfig();
 
     public Dictionary<string, ConnectionConfig> Profiles { get; } = new(StringComparer.OrdinalIgnoreCase);
 }
diff --git a/src/SeqCli/Config/SeqCliEncryptionProviderConfig.cs b/src/SeqCli/Config/SeqCliEncryptionProviderConfig.cs
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using SeqCli.Encryptor;
+
 namespace SeqCli.Config;
 
 public class SeqCliEncryptionProviderConfig
@@ -21,4 +23,18 @@ public class SeqCliEncryptionProviderConfig
 
     public string? Decryptor { get; set; }
     public string? DecryptorArgs { get; set; }
+
+    public IDataProtector DataProtector()
+    {
+#if WINDOWS
+        return new WindowsNativeDataProtector();
+#else
+        if (!string.IsNullOrWhiteSpace(Encryptor) && !string.IsNullOrWhiteSpace(Decryptor))
+        {
+            return new ExternalDataProtector(this);
+        }
+
+        return new PlaintextDataProtector();
+#endif
+    }
 }
diff --git a/src/SeqCli/Connection/SeqConnectionFactory.cs b/src/SeqCli/Connection/SeqConnectionFactory.cs
@@ -16,6 +16,7 @@
 using Seq.Api;
 using SeqCli.Cli.Features;
 using SeqCli.Config;
+using SeqCli.Encryptor;
 
 namespace SeqCli.Connection;
 
@@ -50,12 +51,12 @@ public SeqConnection Connect(ConnectionFeature connection)
                 throw new ArgumentException($"A profile named `{connection.ProfileName}` was not found; see `seqcli profile list` for available profiles.");
 
             url = profile.ServerUrl;
-            apiKey = profile.ApiKey;
+            apiKey = profile.DecodeApiKey(_config.Encryption.DataProtector());
         }
         else
         {
             url = _config.Connection.ServerUrl;
-            apiKey = connection.IsApiKeySpecified ? connection.ApiKey : _config.Connection.ApiKey;
+            apiKey = connection.IsApiKeySpecified ? connection.ApiKey : _config.Connection.DecodeApiKey(_config.Encryption.DataProtector());
         }
 
         return (url, apiKey);

diff --git a/src/SeqCli/Encryptor/ExternalEncryption.cs → ...SeqCli/Encryptor/ExternalDataProtector.cs b/src/SeqCli/Encryptor/ExternalEncryption.cs → ...SeqCli/Encryptor/ExternalDataProtector.cs
@@ -7,9 +7,9 @@
 
 namespace SeqCli.Encryptor;
 
-public class ExternalEncryption : IEncryption
+public class ExternalDataProtector : IDataProtector
 {
-    public ExternalEncryption(SeqCliEncryptionProviderConfig providerConfig)
+    public ExternalDataProtector(SeqCliEncryptionProviderConfig providerConfig)
     {
         _encryptor = providerConfig.Encryptor!;
         _encryptorArgs = providerConfig.EncryptorArgs;

diff --git a/src/SeqCli/Encryptor/IEncryption.cs → src/SeqCli/Encryptor/IDataProtector.cs b/src/SeqCli/Encryptor/IEncryption.cs → src/SeqCli/Encryptor/IDataProtector.cs
@@ -1,6 +1,6 @@
 namespace SeqCli.Encryptor;
 
-public interface IEncryption
+public interface IDataProtector
 {
     public byte[] Encrypt(byte[] unencrypted);
     public byte[] Decrypt(byte[] encrypted);

diff --git a/src/SeqCli/Encryptor/PlaintextEncryption.cs → ...eqCli/Encryptor/PlaintextDataProtector.cs b/src/SeqCli/Encryptor/PlaintextEncryption.cs → ...eqCli/Encryptor/PlaintextDataProtector.cs
@@ -1,6 +1,6 @@
 namespace SeqCli.Encryptor;
 
-class PlaintextEncryption : IEncryption
+class PlaintextDataProtector : IDataProtector
 {
     public byte[] Encrypt(byte[] unencrypted)
     {

diff --git a/...qCli/Encryptor/WindowsNativeEncryption.cs → ...i/Encryptor/WindowsNativeDataProtector.cs b/...qCli/Encryptor/WindowsNativeEncryption.cs → ...i/Encryptor/WindowsNativeDataProtector.cs
@@ -5,7 +5,7 @@
 
 namespace SeqCli.Encryptor;
 
-public class WindowsNativeEncryption : IEncryption
+public class WindowsNativeDataProtector : IDataProtector
 {
     public byte[] Encrypt(byte[] unencrypted)
     {