/// <summary>
/// GetUser method implementation
/// </summary>
public MFAWebAuthNUser GetUser(int challengesize, string username)
{
MFAWebAuthNUser result = new MFAWebAuthNUser()
{
Id = CheckSumEncoding.EncodeUserID(challengesize, username),
Name = username,
DisplayName = username
};
return(result);
}
/// <summary>
/// CreateCertificate method implmentation
/// </summary>
public override X509Certificate2 CreateCertificate(string upn, int validity, bool generatepassword = false)
{
string pass = string.Empty;
string strcert = string.Empty;
if (generatepassword)
{
pass = CheckSumEncoding.CheckSumAsString(upn);
}
return(Certs.CreateRSAEncryptionCertificateForUser(upn.ToLower(), validity, pass));
}
/// <summary>
/// GenerateKey method
/// </summary>
private byte[] GenerateKey(string username)
{
byte[] text = CheckSumEncoding.CheckSum(username);
byte[] buffer = new byte[128 + text.Length];
RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider();
cryptoRandomDataGenerator.GetBytes(buffer, 0, 128);
Buffer.BlockCopy(text, 0, buffer, 128, text.Length);
return(buffer);
}
/// <summary>
/// ValidateKey method implmentation
/// </summary>
public override bool ValidateKey(string upn)
{
if (string.IsNullOrEmpty(upn))
{
return(false);
}
string lupn = upn.ToLower();
string key = ReadKey(lupn);
if (string.IsNullOrEmpty(key))
{
return(false);
}
if (HasStorageInfos(key))
{
using (var prov = new RSAEncryption(_xorsecret))
{
byte[] crypted = StripStorageInfos(key);
if (crypted == null)
{
return(false);
}
prov.Certificate = KeysStorage.GetUserCertificate(lupn, true);
byte[] cleared = prov.Decrypt(crypted, lupn);
if (cleared == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn)))
{
return(true); // OK RSA
}
else
{
return(false); // Key corrupted
}
}
}
else
{
return(false);
}
}
/// <summary>
/// ValidateKey method implmentation
/// </summary>
public override bool ValidateKey(string upn)
{
if (string.IsNullOrEmpty(upn))
{
return(false);
}
string lupn = upn.ToLower();
string key = ReadKey(lupn);
if (string.IsNullOrEmpty(key))
{
return(false);
}
if (HasStorageInfos(key))
{
using (var prov = new AES256Encryption(XORSecret, KeySize))
{
byte[] crypted = StripStorageInfos(key);
if (crypted == null)
{
return(false);
}
byte[] cleared = prov.GetDecryptedKey(crypted, lupn);
if (cleared == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn)))
{
return(true); // OK
}
else
{
return(false); // Key corrupted
}
}
}
else
{
return(false);
}
}
/// <summary>
/// ValidateKeyV1 method implmentation
/// </summary>
public override bool ValidateKey(string upn)
{
if (string.IsNullOrEmpty(upn))
{
return(false);
}
string lupn = upn.ToLower();
string key = ReadKey(lupn);
if (HasKeyPrefix(key))
{
using (var prov = new Encryption(_xorsecret))
{
string xkey = StripKeyPrefix(key);
byte[] crypted = System.Convert.FromBase64CharArray(xkey.ToCharArray(), 0, xkey.Length);
if (crypted == null)
{
return(false);
}
prov.Certificate = KeysStorage.GetUserCertificate(lupn, false);
byte[] cleared = prov.Decrypt(crypted, lupn);
if (cleared == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum == null)
{
return(false); // Key corrupted
}
if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn)))
{
return(true); // OK RSA
}
else
{
return(false); // Key corrupted
}
}
}
else
{
return(false);
}
}
/// <summary>
/// Decrypt method
/// </summary>
public override byte[] Decrypt(byte[] encryptedBytes, string username)
{
try
{
if (Certificate == null)
{
throw new Exception("Invalid decryption certificate !");
}
byte[] decryptedBytes = null;
var key = Certificate.GetRSAPrivateKey();
if (key == null)
{
throw new CryptographicException("Invalid private Key !");
}
if (key is RSACng)
{
decryptedBytes = ((RSACng)key).Decrypt(encryptedBytes, RSAEncryptionPadding.OaepSHA256);
}
else
{
decryptedBytes = ((RSACryptoServiceProvider)key).Decrypt(encryptedBytes, true);
}
MemoryStream mem = new MemoryStream(decryptedBytes);
string decryptedvalue = DeserializeFromStream(mem);
int l = Convert.ToInt32(decryptedvalue.Substring(32, 3));
string outval = decryptedvalue.Substring(35, l);
byte[] bytes = new byte[outval.Length * sizeof(char)];
Buffer.BlockCopy(outval.ToCharArray(), 0, bytes, 0, bytes.Length);
this.CheckSum = CheckSumEncoding.CheckSum(outval);
return(bytes);
}
catch (System.Security.Cryptography.CryptographicException ce)
{
Log.WriteEntry(string.Format("Crytograpphic Error for user {0} \r {1}", ce.Message, username), System.Diagnostics.EventLogEntryType.Error, 0000);
return(null);
}
catch (Exception ex)
{
Log.WriteEntry(string.Format("Crytograpphic Error for user {0} \r {1}", ex.Message, username), System.Diagnostics.EventLogEntryType.Error, 0000);
return(null);
}
}
/// <summary>
/// ProbeKey method implmentation
/// </summary>
public override byte[] ProbeKey(string upn)
{
if (string.IsNullOrEmpty(upn))
{
return(null);
}
string lupn = upn.ToLower();
string key = ReadKey(lupn);
if (string.IsNullOrEmpty(key))
{
return(null);
}
byte[] probed = null;
using (var prov = new RSAEncryption(XORSecret))
{
byte[] crypted = StripStorageInfos(key);
if (crypted == null)
{
return(null);
}
string pass = CheckSumEncoding.CheckSumAsString(lupn);
prov.Certificate = KeysStorage.GetUserCertificate(lupn, pass);
probed = prov.GetDecryptedKey(crypted, lupn);
if (probed == null)
{
return(null);
}
}
if (probed.Length > MAX_PROBE_LEN)
{
byte[] buffer = new byte[MAX_PROBE_LEN];
Buffer.BlockCopy(probed, 0, buffer, 0, MAX_PROBE_LEN);
return(buffer);
}
else
{
return(probed);
}
}
/// <summary>
/// GetUserCertificate method implmentation
/// </summary>
public override X509Certificate2 GetUserCertificate(string upn, bool generatepassword = false)
{
string pass = string.Empty;
if (generatepassword)
{
pass = CheckSumEncoding.CheckSumAsString(upn);
}
string request = "SELECT CERTIFICATE FROM KEYS WHERE UPN=@UPN";
SqlConnection con = new SqlConnection(_connectionstring);
SqlCommand sql = new SqlCommand(request, con);
SqlParameter prm = new SqlParameter("@UPN", SqlDbType.VarChar);
sql.Parameters.Add(prm);
prm.Value = upn.ToLower();
con.Open();
try
{
SqlDataReader rd = sql.ExecuteReader();
if (rd.Read())
{
string strcert = rd.GetString(0);
return(new X509Certificate2(Convert.FromBase64String(strcert), pass, X509KeyStorageFlags.Exportable)); // | X509KeyStorageFlags.PersistKeySet);
}
else
{
return(null);
}
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
throw new Exception(ex.Message);
}
finally
{
con.Close();
}
}
/// <summary>
/// NewKey method implementation
/// </summary>
public override string NewKey(string upn)
{
if (string.IsNullOrEmpty(upn))
{
return(null);
}
string lupn = upn.ToLower();
byte[] crypted = null;
using (var prov = new RSAEncryption(XORSecret))
{
string pass = CheckSumEncoding.CheckSumAsString(lupn);
prov.Certificate = KeysStorage.CreateCertificate(lupn, pass, Validity);
crypted = prov.NewEncryptedKey(lupn);
if (crypted == null)
{
return(null);
}
string outkey = AddStorageInfos(crypted);
return(KeysStorage.NewUserKey(lupn, outkey, prov.Certificate));
}
}
/// <summary>
/// DoUpdateUserCertificate method implementation
/// </summary>
private void DoUpdateUserCertificate(string upn, X509Certificate2 cert)
{
try
{
List <MFAUserKeys> _lst = _mfakeysusers.GetData();
_lst.Where(s => s.UserName.ToLower().Equals(upn.ToLower())).ToList()
.ForEach(s =>
{
s.UserCertificate = Convert.ToBase64String(cert.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn)));
cert.Reset();
});
_mfakeysusers.SetData(_lst);
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
throw new Exception(ex.Message);
}
return;
}
/// <summary>
/// DoInsertUserCertificate method implementation
/// </summary>
private void DoInsertUserCertificate(string upn, X509Certificate2 cert)
{
List <MFAUserKeys> _lst = _mfakeysusers.GetData();
try
{
MFAUserKeys _itm = new MFAUserKeys()
{
UserName = upn.ToLower(),
UserKey = string.Empty,
UserCertificate = Convert.ToBase64String(cert.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn)))
};
cert.Reset();
_lst.Add(_itm);
_mfakeysusers.SetData(_lst);
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
throw new Exception(ex.Message);
}
}
/// <summary>
/// UpdateStoredKey method implementation
/// </summary>
private string DoUpdateUserKey(string upn, string secretkey, X509Certificate2 certificate)
{
string request = "UPDATE KEYS SET SECRETKEY = @SECRETKEY, CERTIFICATE = @CERTIFICATE WHERE UPN=@UPN";
SqlConnection con = new SqlConnection(_connectionstring);
SqlCommand sql = new SqlCommand(request, con);
SqlParameter pupn = new SqlParameter("@UPN", SqlDbType.VarChar);
sql.Parameters.Add(pupn);
pupn.Value = upn.ToLower();
SqlParameter psecret = new SqlParameter("@SECRETKEY", SqlDbType.VarChar, 8000);
sql.Parameters.Add(psecret);
psecret.Value = secretkey;
SqlParameter pcert = new SqlParameter("@CERTIFICATE", SqlDbType.VarChar, 8000);
sql.Parameters.Add(pcert);
pcert.Value = Convert.ToBase64String(certificate.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn)));
con.Open();
try
{
int res = sql.ExecuteNonQuery();
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
throw new Exception(ex.Message);
}
finally
{
certificate.Reset();
con.Close();
}
return(secretkey);
}
