public object CheckSsoCertificate()
{
CheckSsoPermissions();
var log = LogManager.GetLogger(typeof(SettingsApi));
try
{
var settings = SsoSettings.Load();
if (!string.IsNullOrEmpty(settings.ClientPassword))
{
settings.ClientPassword = InstanceCrypto.Decrypt(settings.ClientPassword);
}
return(new
{
success = true,
exist = GetCertificate(settings.ClientCertificateFileName, settings.ClientPassword, log) != null
});
}
catch (Exception exception)
{
log.Error(exception);
return(new
{
success = false,
message = exception.Message
});
}
}
private string GetPassword(object passwordBytesObject)
{
string password = string.Empty;
try
{
if (passwordBytesObject != null)
{
object[] passwordBytesObjects = (object[])passwordBytesObject;
byte[] passwordBytes = new byte[passwordBytesObjects.Length];
for (int i = 0; i < passwordBytesObjects.Length; i++)
{
passwordBytes[i] = Convert.ToByte(passwordBytesObjects[i]);
}
if (passwordBytes.Length != 0)
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(passwordBytes));
}
}
}
catch (Exception ex)
{
password = string.Empty;
log.ErrorFormat("Can't decrypt password {0}, {1}", ex.ToString(), ex.StackTrace);
}
return(password);
}
private List <DirectoryEntry> Search(string rootDistinguishedName, string filter, SearchScope scope,
LDAPSupportSettings settings)
{
var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure;
if (settings.PortNumber == Constants.SSL_LDAP_PORT)
{
type |= AuthenticationTypes.SecureSocketsLayer;
}
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch (Exception)
{
password = string.Empty;
}
var de = settings.Authentication
? CreateDirectoryEntry(rootDistinguishedName, settings.Login, password, type)
: CreateDirectoryEntry(rootDistinguishedName);
return(de != null?Search(de, filter, scope) : null);
}
public override LDAPObject GetDomain(LDAPSupportSettings settings)
{
try
{
string password;
var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch (Exception)
{
password = string.Empty;
}
if (settings.PortNumber == Constants.SSL_LDAP_PORT)
{
type |= AuthenticationTypes.SecureSocketsLayer;
}
var entry = settings.Authentication
? new DirectoryEntry(settings.Server + ":" + settings.PortNumber, settings.Login, password,
type)
: new DirectoryEntry(settings.Server + ":" + settings.PortNumber);
return(LDAPObjectFactory.CreateObject(entry));
}
catch (Exception e)
{
Log.WarnFormat("Can't get current domain. May be current user has not needed permissions. {0}", e);
return(null);
}
}
public static int GetLoginEventIdFromCookie(string cookie)
{
int loginEventId = 0;
if (string.IsNullOrEmpty(cookie))
{
return(loginEventId);
}
try
{
cookie = (HttpUtility.UrlDecode(cookie) ?? "").Replace(' ', '+');
var s = InstanceCrypto.Decrypt(cookie).Split('$');
if (8 < s.Length)
{
loginEventId = !string.IsNullOrEmpty(s[8]) ? int.Parse(s[8]) : 0;
}
}
catch (Exception err)
{
LogManager.GetLogger("ASC.Core").ErrorFormat("Failed to get login event ID from cookie: cookie {0}, loginEvent {1}: {2}",
cookie, loginEventId, err);
}
return(loginEventId);
}
public static List <LDAPObject> Search(string root, Criteria criteria, LDAPSupportSettings settings)
{
var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure;
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch (Exception)
{
password = string.Empty;
}
if (settings.PortNumber == Constants.SSL_LDAP_PORT)
{
type |= AuthenticationTypes.SecureSocketsLayer;
}
var entry = settings.Authentication ? new DirectoryEntry(root, settings.Login, password, type) : new DirectoryEntry(root);
try
{
object nativeObject = entry.NativeObject;
}
catch (Exception e)
{
_log.ErrorFormat("Error authenticating user. Current user has not access to read this directory: {0}. {1}", root, e);
return(null);
}
return(SearchInternal(root, criteria != null ? criteria.ToString() : null, SearchScope.Subtree, settings));
}
public void ProcessRequest(HttpContext context)
{
var d = context.Request.QueryString["d"];
if (string.IsNullOrEmpty(d))
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
var param = HttpUtility.UrlDecode(InstanceCrypto.Decrypt(d)).Split('|');
if (param.Length != 3)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
context.Response.Clear();
context.Response.ContentType = "text/javascript";
context.Response.Charset = "utf-8";
var etag = d.GetHashCode().ToString();
context.Response.Cache.SetETag(etag);
if (string.Equals(context.Request.Headers["If-None-Match"], etag))
{
context.Response.StatusCode = (int)HttpStatusCode.NotModified;
}
else
{
context.Response.Cache.SetCacheability(HttpCacheability.Public);
context.Response.Write(JavaScriptResourceSerialize(Type.GetType(param[0], true), param[1], CultureInfo.GetCultureInfo(param[2])));
}
}
public static bool DecryptCookie(string cookie, out int tenant, out Guid userid, out string login, out string password, out int indexTenant, out DateTime expire, out int indexUser)
{
tenant = Tenant.DEFAULT_TENANT;
userid = Guid.Empty;
login = null;
password = null;
indexTenant = 0;
expire = DateTime.MaxValue;
indexUser = 0;
if (string.IsNullOrEmpty(cookie))
{
return(false);
}
try
{
cookie = (HttpUtility.UrlDecode(cookie) ?? "").Replace(' ', '+');
var s = InstanceCrypto.Decrypt(cookie).Split('$');
if (0 < s.Length)
{
login = s[0];
}
if (1 < s.Length)
{
tenant = int.Parse(s[1]);
}
if (2 < s.Length)
{
password = s[2];
}
if (4 < s.Length)
{
userid = new Guid(s[4]);
}
if (5 < s.Length)
{
indexTenant = int.Parse(s[5]);
}
if (6 < s.Length)
{
expire = DateTime.ParseExact(s[6], DateTimeFormat, CultureInfo.InvariantCulture);
}
if (7 < s.Length)
{
indexUser = int.Parse(s[7]);
}
return(true);
}
catch (Exception err)
{
LogManager.GetLogger("ASC.Core").ErrorFormat("Authenticate error: cookie {0}, tenant {1}, userid {2}, login {3}, pass {4}, indexTenant {5}, expire {6}: {7}",
cookie, tenant, userid, login, password, indexTenant, expire.ToString(DateTimeFormat), err);
}
return(false);
}
public Guid AuthKey(InstanceCrypto instanceCrypto)
{
if (!_authKey.HasValue)
{
_authKey = !string.IsNullOrEmpty(_request.Query["userid"])
? new Guid(instanceCrypto.Decrypt(_request.Query["userid"]))
: Guid.Empty;
}
return(_authKey.Value);
}
public string GetEncryptedCode(InstanceCrypto InstanceCrypto, Signature Signature)
{
try
{
return(InstanceCrypto.Decrypt(Code));
}
catch
{
//support old scheme stored in the DB
return(Signature.Read <string>(Code));
}
}
protected string GetPassword(byte[] passwordBytes)
{
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(passwordBytes));
}
catch
{
password = string.Empty;
}
return(password);
}
private string GetPassword(byte[] passwordBytes)
{
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(passwordBytes));
}
catch (Exception)
{
password = string.Empty;
}
return(password);
}
public string GetKeys(Guid userId)
{
var linker = Snapshot.Get("webstudio");
var profile = linker.GetLinkedProfiles(userId.ToString(), ProviderConstants.Encryption).FirstOrDefault();
if (profile == null)
{
return(null);
}
var keys = InstanceCrypto.Decrypt(profile.Name);
return(keys);
}
public List <LDAPObject> Search(string root, Criteria criteria, string userFilter, LDAPSupportSettings settings)
{
var type = AuthenticationTypes.ReadonlyServer | AuthenticationTypes.Secure;
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch (Exception)
{
password = string.Empty;
}
if (settings.PortNumber == Constants.SSL_LDAP_PORT)
{
type |= AuthenticationTypes.SecureSocketsLayer;
}
var entry = settings.Authentication
? new DirectoryEntry(root, settings.Login, password, type)
: new DirectoryEntry(root);
try
{
// ReSharper disable UnusedVariable
var nativeObject = entry.NativeObject;
// ReSharper restore UnusedVariable
}
catch (Exception e)
{
_log.ErrorFormat(
"Error authenticating user. Current user has not access to read this directory: {0}. {1}", root, e);
return(new List <LDAPObject>(0));
}
if (!string.IsNullOrEmpty(userFilter) && !userFilter.StartsWith("(") && !userFilter.EndsWith(")"))
{
userFilter = "(" + userFilter + ")";
}
return(SearchInternal(root, criteria != null ? "(&" + criteria + userFilter + ")" : userFilter,
SearchScope.Subtree, settings));
}
public object GetSsoCertificateKey()
{
CheckSsoPermissions();
var log = LogManager.GetLogger(typeof(SettingsApi));
try
{
var settings = SsoSettings.Load();
if (string.IsNullOrEmpty(settings.ClientCertificateFileName))
{
throw new Exception("Certificate is not found");
}
if (!string.IsNullOrEmpty(settings.ClientPassword))
{
settings.ClientPassword = InstanceCrypto.Decrypt(settings.ClientPassword);
}
var base64ExportCertificate = FillBase64ExportCertificate(settings, log);
if (string.IsNullOrEmpty(base64ExportCertificate))
{
throw new Exception("Certificate is unaccessable");
}
return(new
{
success = true,
publicKey = base64ExportCertificate
});
}
catch (Exception exception)
{
log.Error(exception);
return(new
{
success = false,
message = exception.Message
});
}
}
public static string GetPassword(byte[] passwordBytes)
{
if (passwordBytes == null || passwordBytes.Length == 0)
{
return(string.Empty);
}
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(passwordBytes));
}
catch (Exception)
{
password = string.Empty;
}
return(password);
}
public static bool DecryptCookie(string cookie, out int tenant, out Guid userid, out string login, out string password)
{
tenant = Tenant.DEFAULT_TENANT;
userid = Guid.Empty;
login = null;
password = null;
if (string.IsNullOrEmpty(cookie))
{
return(false);
}
try
{
cookie = HttpUtility.UrlDecode(cookie).Replace(' ', '+');
var s = InstanceCrypto.Decrypt(cookie).Split('$');
if (0 < s.Length)
{
login = s[0];
}
if (1 < s.Length)
{
tenant = int.Parse(s[1]);
}
if (2 < s.Length)
{
password = s[2];
}
if (4 < s.Length)
{
userid = new Guid(s[4]);
}
return(true);
}
catch (Exception err)
{
LogManager.GetLogger("ASC.Core").ErrorFormat("Authenticate error: cookie {0}, tenant {1}, userid {2}, login {3}, pass {4}: {5}",
cookie, tenant, userid, login, password, err);
}
return(false);
}
public static EncryptionSettings Deserialize(string value)
{
if (string.IsNullOrEmpty(value))
{
return(new EncryptionSettings());
}
var parts = value.Split(new[] { '#' }, StringSplitOptions.None);
var password = string.IsNullOrEmpty(parts[0]) ? string.Empty : InstanceCrypto.Decrypt(parts[0]);
var status = int.Parse(parts[1]);
var notifyUsers = bool.Parse(parts[2]);
return(new EncryptionSettings
{
Password = password,
Status = (EncryprtionStatus)status,
NotifyUsers = notifyUsers
});
}
public static string GetKeys(Guid userId)
{
var linker = new AccountLinker("webstudio");
var profile = linker.GetLinkedProfiles(userId.ToString(), ProviderConstants.Encryption).FirstOrDefault();
if (profile == null)
{
return(null);
}
try
{
var keys = InstanceCrypto.Decrypt(profile.Name);
return(keys);
}
catch (Exception ex)
{
var message = string.Format("Can not decrypt {0} keys for {1}", ProviderConstants.Encryption, userId);
LogManager.GetLogger("ASC").Error(message, ex);
return(null);
}
}
public static bool DecryptCookie(string cookie, out int tenant, out Guid userid, out string login, out string password)
{
tenant = Tenant.DEFAULT_TENANT;
userid = Guid.Empty;
login = null;
password = null;
if (string.IsNullOrEmpty(cookie))
{
return(false);
}
try
{
cookie = HttpUtility.UrlDecode(cookie).Replace(' ', '+');
var s = InstanceCrypto.Decrypt(cookie).Split('$');
if (0 < s.Length)
{
login = s[0];
}
if (1 < s.Length)
{
tenant = int.Parse(s[1]);
}
if (2 < s.Length)
{
password = s[2];
}
if (4 < s.Length)
{
userid = new Guid(s[4]);
}
return(true);
}
catch { }
return(false);
}
public static bool DecryptCookie(string cookie, out int tenant, out Guid userid, out string login, out string password)
{
tenant = Tenant.DEFAULT_TENANT;
userid = Guid.Empty;
login = null;
password = null;
try
{
var s = InstanceCrypto.Decrypt(cookie).Split('$');
var salt = 3 < s.Length ? s[3] : null;
if (salt != null && salt != GetUserDepenencySalt())
{
return(false);
}
if (0 < s.Length)
{
login = s[0];
}
if (1 < s.Length)
{
tenant = int.Parse(s[1]);
}
if (2 < s.Length)
{
password = s[2];
}
if (4 < s.Length)
{
userid = new Guid(s[4]);
}
return(true);
}
catch { }
return(false);
}
private static string DecryptPassword(string password)
{
return(string.IsNullOrEmpty(password) ? string.Empty : InstanceCrypto.Decrypt(password));
}
public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer)
{
if (!settings.EnableLdapAuthentication)
{
return(OPERATION_OK);
}
string password;
try
{
password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
}
catch
{
password = string.Empty;
}
try
{
if (settings.Authentication)
{
CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber);
}
if (!CheckServerAndPort(settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return(WRONG_SERVER_OR_PORT);
}
}
catch (DirectoryServicesCOMException)
{
return(CREDENTIALS_NOT_VALID);
}
catch (COMException)
{
return(WRONG_SERVER_OR_PORT);
}
if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber,
settings.Authentication, settings.Login, password))
{
return(WRONG_USER_DN);
}
try
{
importer.AllDomainUsers = GetUsersByAttributes(settings);
}
catch (ArgumentException)
{
_log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter);
return(INCORRECT_LDAP_FILTER);
}
if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0)
{
_log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN);
return(USERS_NOT_FOUND);
}
if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute))
{
return(WRONG_LOGIN_ATTRIBUTE);
}
if (settings.GroupMembership)
{
if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server,
settings.PortNumber, settings.Authentication, settings.Login, password))
{
return(WRONG_GROUP_DN_OR_GROUP_NAME);
}
importer.DomainGroups = GetGroupsByParameter(settings);
if (importer.DomainGroups == null || importer.DomainGroups.Count == 0)
{
return(GROUPS_NOT_FOUND);
}
if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute))
{
return(WRONG_GROUP_ATTRIBUTE);
}
if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute))
{
return(WRONG_USER_ATTRIBUTE);
}
}
return(OPERATION_OK);
}
private static OAuth20Token DecryptToken(string token)
{
return(string.IsNullOrEmpty(token) ? null : FromJson(InstanceCrypto.Decrypt(token)));
}
internal void FromTransport(string transportstring)
{
var serialized = Encoding.UTF8.GetString(InstanceCrypto.Decrypt(HttpServerUtility.UrlTokenDecode(transportstring)));
FromSerializedString(serialized);
}
public string CreateHash2(string s)
{
return(!string.IsNullOrEmpty(s) ? "S|" + Crypto.GetV(instanceCrypto.Decrypt(s), 1, true) : s);
}
private string DecryptPassword(string password)
{
return(InstanceCrypto.Decrypt(password));
}
internal void FromTransport(string transportstring)
{
var serialized = Encoding.UTF8.GetString(InstanceCrypto.Decrypt(WebEncoders.Base64UrlDecode(transportstring)));
FromSerializedString(serialized);
}
public static string DecryptPassword(string password)
{
return(InstanceCrypto.Decrypt(password));
}
