 /// <summary>
 /// Wires the reference U2F server to its collaborators.
 /// </summary>
 /// <param name="challengeGenerator">Produces the challenge for each enroll/sign request.</param>
 /// <param name="dataStore">Persistence for sessions, trusted certificates and registered key data.</param>
 /// <param name="cryto">Crypto backend (the misspelled parameter name is part of the public signature and is kept).</param>
 /// <param name="origins">Origins this server will accept; canonicalized once here and kept as allowedOrigins.</param>
 public U2FServerReferenceImpl(IChallengeGenerator challengeGenerator, IServerDataStore dataStore, IServerCrypto cryto,
                               ICollection <string> origins)
 {
     this.cryto              = cryto;
     this.dataStore          = dataStore;
     this.challengeGenerator = challengeGenerator;
     // Canonicalization happens exactly once, at construction. Whatever origin comparison happens
     // later presumably matches against this set, so an entry that canonicalizes wrongly widens
     // what the server accepts — confirm against CanonicalizeOrigins.
     allowedOrigins = CanonicalizeOrigins(origins);
     // TODO: use these for channel id checks in verifyBrowserData
 }
        /// <summary>
        /// Per-test setup: mocks the challenge generator, session id generator and data store, and
        /// uses the real BouncyCastle crypto implementation rather than a mock. Canned values are
        /// wired for ACCOUNT_NAME only.
        /// </summary>
        public virtual void Setup()
        {
            crypto = new BouncyCastleServerCrypto();
            mockChallengeGenerator = new Mock<IChallengeGenerator>();
            mockSessionIdGenerator = new Mock<ISessionIdGenerator>();
            mockDataStore = new Mock<IServerDataStore>();

            // The vendor certificate is the sole trust anchor returned by the data store.
            var trusted = new List<X509Certificate>();
            trusted.Add(VENDOR_CERTIFICATE);

            // One registered key for the account; VENDOR_CERTIFICATE is passed as its certificate too.
            var storedKey  = new SecurityKeyData(0L, KEY_HANDLE, USER_PUBLIC_KEY_SIGN_HEX, VENDOR_CERTIFICATE, 0);
            var storedKeys = new List<SecurityKeyData> { storedKey };

            mockChallengeGenerator
                .Setup(g => g.GenerateChallenge(ACCOUNT_NAME))
                .Returns(SERVER_CHALLENGE_ENROLL);
            mockSessionIdGenerator
                .Setup(g => g.GenerateSessionId(ACCOUNT_NAME))
                .Returns(SESSION_ID);
            mockDataStore
                .Setup(s => s.StoreSessionData(It.IsAny<EnrollSessionData>()))
                .Returns(SESSION_ID);
            mockDataStore
                .Setup(s => s.GetTrustedCertificates())
                .Returns(trusted);
            mockDataStore
                .Setup(s => s.GetSecurityKeyData(ACCOUNT_NAME))
                .Returns(storedKeys);
        }
        /// <summary>
        /// Per-test setup. Mocks the collaborators of the server under test and wires the canned
        /// challenge, session id, trusted certificate list and stored key data for ACCOUNT_NAME.
        /// The crypto backend is the real BouncyCastle implementation, not a mock.
        /// </summary>
        public virtual void Setup()
        {
            mockDataStore          = new Mock <IServerDataStore>();
            mockSessionIdGenerator = new Mock <ISessionIdGenerator>();
            mockChallengeGenerator = new Mock <IChallengeGenerator>();
            crypto = new BouncyCastleServerCrypto();

            // Single trust anchor: the vendor certificate.
            var trustAnchors = new List <X509Certificate>(1) { VENDOR_CERTIFICATE };

            // One previously registered key for the account, with VENDOR_CERTIFICATE passed along.
            var enrolledKeys = new List <SecurityKeyData>(1) {
                new SecurityKeyData(0L, KEY_HANDLE, USER_PUBLIC_KEY_SIGN_HEX, VENDOR_CERTIFICATE, 0)
            };

            mockDataStore.Setup(d => d.GetTrustedCertificates()).Returns(trustAnchors);
            mockDataStore.Setup(d => d.GetSecurityKeyData(ACCOUNT_NAME)).Returns(enrolledKeys);
            mockDataStore.Setup(d => d.StoreSessionData(It.IsAny <EnrollSessionData>())).Returns(SESSION_ID);
            mockSessionIdGenerator.Setup(g => g.GenerateSessionId(ACCOUNT_NAME)).Returns(SESSION_ID);
            mockChallengeGenerator.Setup(g => g.GenerateChallenge(ACCOUNT_NAME)).Returns(SERVER_CHALLENGE_ENROLL);
        }
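    /// <summary>
    /// Picks the crypto implementation named by the config: the built-in AES one, or a custom
    /// <c>IServerCrypto</c> composed via MEF from a DLL carried inside the archive.
    /// </summary>
    /// <param name="a">Archive the encrypted server was packaged into.</param>
    /// <param name="cfg">Config that was read from that archive.</param>
    /// <exception cref="FileNotFoundException">
    /// The config asks for a custom crypto DLL but the archive has no entry of that name
    /// (or the name is empty).
    /// </exception>
    private void CryptoLoader(ZipArchive a, EncryptedServerConfig cfg)
    {
        switch (cfg.Encryption)
        {
        case EncryptedServerConfig.EncryptionType.AES:
            crypto = new ServerCryptoAES();
            break;

        case EncryptedServerConfig.EncryptionType.CUSTOM:
        {
            // GetEntry returns null for an unknown name (and throws on null); fail with a clear
            // message instead of a NullReferenceException from inside ReadZipEntry.
            var entry = string.IsNullOrEmpty(cfg.CryptoFileName) ? null : a.GetEntry(cfg.CryptoFileName);
            if (entry == null)
            {
                throw new FileNotFoundException("Archive has no custom crypto entry", cfg.CryptoFileName);
            }

            // SECURITY: Assembly.Load executes whatever code the archive carries, in this process.
            // Nothing in this loader authenticates the entry (no signature, no pinned hash), so anyone
            // who can modify the archive can swap in a DLL that captures the key material later handed
            // to it. Verify the DLL (strong name / Authenticode / pinned hash) before loading it.
            using (var cat = new AggregateCatalog())
            using (var ac = new AssemblyCatalog(Assembly.Load(ReadZipEntry(entry))))
            {
                cat.Catalogs.Add(ac);
                using (var loader = new CompositionContainer(cat))
                {
                    loader.ComposeParts(this);
                }
            }
            break;
        }

        default:
            // Unknown or unset encryption type: crypto is left untouched, as in the original.
            // NOTE(review): consider throwing NotSupportedException so the caller does not end up
            // with a null crypto later.
            break;
        }
    }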
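        /// <summary>
        /// Lets the operator pick a DLL that exports an <c>IServerCrypto</c> and composes it into this
        /// window via MEF. On success <c>crypto</c>/<c>cryptoPath</c> are set and status[3] is raised;
        /// on failure both stay cleared and the exception text is shown. ShowStatus runs either way.
        /// </summary>
        private void Button_Click_2(object sender, RoutedEventArgs e)
        {
            var dlg = new Microsoft.Win32.OpenFileDialog {
                DefaultExt       = "*.dll",
                CheckFileExists  = true,
                CheckPathExists  = true,
                Multiselect      = false,
                RestoreDirectory = true,
                DereferenceLinks = true,
                Title            = "Please select a DLL that Implements IServerCrypto",
                Filter           = "Crypto Files *.dll|*.dll"
            };

            if (dlg.ShowDialog() != true)
            {
                return;
            }

            // Drop the previous selection first so a failed load never leaves a stale crypto in use.
            crypto    = null;
            status[3] = false;
            try {
                // SECURITY: loading the DLL runs its code in this process. The only safeguard is that
                // the operator chose the file; nothing here checks its origin or integrity.
                using (var cat = new AggregateCatalog()) {
                    cat.Catalogs.Add(new DirectoryCatalog(Path.GetDirectoryName(dlg.FileName), Path.GetFileName(dlg.FileName)));
                    // Dispose the container (the original leaked it), matching CryptoLoader. If the
                    // imported part implements IDisposable the container disposes it here as well —
                    // same as in CryptoLoader; confirm the custom crypto does not rely on that.
                    using (var loader = new CompositionContainer(cat)) {
                        loader.ComposeParts(this);
                    }
                }
                cryptoPath = dlg.FileName;
                status[3]  = true;
                if (sender is Button button)
                {
                    button.Content = Path.GetFileName(dlg.FileName);
                }
            }
            catch (Exception ex) {
                MessageBox.Show(ex.ToString(), "Error Loading Crypto");
                return;
            }
            finally {
                ShowStatus();
            }
        }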
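        /// <summary>
        /// Encrypts the selected server DLL and the extra local files with the chosen crypto and packs
        /// them, the config and (for CUSTOM) the crypto DLL itself into an .edll zip archive chosen
        /// by the operator. Progress and status flags are updated along the way.
        /// </summary>
        private void Button_Click_3(object sender, RoutedEventArgs e)
        {
            // NOTE: comparing the plaintext Password strings materializes both passwords as managed
            // strings; using SecurePassword for key derivation below does not undo that.
            if (pwA.Password != pwB.Password)
            {
                MessageBox.Show("Passwords unequal", "Error");
                return;
            }
            if (pwA.Password.Length == 0)
            {
                MessageBox.Show("No Password given", "Error");
                return;
            }
            if (string.IsNullOrWhiteSpace(serverFilePath))
            {
                MessageBox.Show("No Server DLL Specified", "Error");
                return;
            }
            status[1]          = true;
            pb.IsIndeterminate = true;
            var dlg = new Microsoft.Win32.SaveFileDialog()
            {
                RestoreDirectory = true,
                AddExtension     = true,
                DefaultExt       = "*.edll",
                FileName         = Path.GetFileNameWithoutExtension(serverFilePath),
                DereferenceLinks = true,
                Title            = "Save as",
                ValidateNames    = true,
                Filter           = "Encrypted Server *.edll|*.edll"
            };

            if (dlg.ShowDialog() == false)
            {
                pb.IsIndeterminate = false;
                return;
            }
            switch (encryptionType)
            {
            case EncryptedServerConfig.EncryptionType.AES:
                crypto = new ServerCryptoAES();
                break;
            }
            // For CUSTOM the crypto comes from the DLL picked earlier (Button_Click_2). If that step was
            // skipped or failed, stop here rather than handing a null crypto to CryptoWrapper.
            if (crypto == null)
            {
                MessageBox.Show("No crypto implementation loaded", "Error");
                pb.IsIndeterminate = false;
                return;
            }
            cfg.Encryption = encryptionType;
            var enc     = new CryptoWrapper <IServerCrypto>(crypto);
            var mutated = enc.KeyMutation(pwA.SecurePassword);
            var dat     = new Dictionary <string, byte[]>();

            try {
                // Entries are keyed by bare file name; two local files with the same name throw here
                // and are reported by the catch below.
                // NOTE(review): cfg.EncryptedFiles is appended to on every click; if cfg outlives this
                // handler, a retry accumulates duplicates — confirm cfg's lifetime.
                foreach (var f in localFiles)
                {
                    var sh = Path.GetFileName(f);
                    dat.Add(sh, enc.Encrypt(File.ReadAllBytes(f), mutated));
                    cfg.EncryptedFiles.Add(sh);
                }
                dat.Add(cfg.ServerFileName, enc.Encrypt(File.ReadAllBytes(serverFilePath), mutated));
                if (encryptionType == EncryptedServerConfig.EncryptionType.CUSTOM)
                {
                    // SECURITY: the custom crypto DLL is stored in the archive UNencrypted and unsigned.
                    // The consumer side loads and executes it straight from the archive, so anyone who
                    // can edit the .edll can replace this DLL with one that leaks the derived key. The
                    // archive therefore protects only against readers, not against tampering.
                    cfg.CryptoFileName = Path.GetFileName(cryptoPath);
                    dat.Add(cfg.CryptoFileName, File.ReadAllBytes(cryptoPath));
                }
            }
            catch (Exception ex) {
                MessageBox.Show(ex.ToString(), "ERROR reading and encrypting files");
                pb.IsIndeterminate = false;
                return;
            }
            try {
                // FileMode.Create overwrites in one step; the original Exists/Delete/CreateNew sequence
                // raced against anything touching the path between the delete and the create.
                using (var fs = File.Open(dlg.FileName, FileMode.Create)) {
                    using (var a = new ZipArchive(fs, ZipArchiveMode.Create)) {
                        foreach (var kv in dat)
                        {
                            using (var eStream = a.CreateEntry(kv.Key).Open())
                                eStream.Write(kv.Value, 0, kv.Value.Length);
                        }
                        using (var configStream = a.CreateEntry(EncryptedServerConfig.ConfigFileName).Open())
                            cfg.Save(configStream);
                    }
                }
            }
            catch (Exception ex) {
                MessageBox.Show(ex.ToString(), "ERROR compressing files");
                pb.IsIndeterminate = false;
                return;
            }
            status[5]          = true;
            pb.IsIndeterminate = false;
            ShowStatus();
        }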