public void SecureFile_WipeAndDelete()
{
// Verify that a file can be wiped and deleted. Note that there's
// no reasonable way to automate a check to see that the file
// was actually wiped. It's best to step through the code manually
// to verify this.
var path = Path.GetTempFileName();
using (var fs = new FileStream(path, FileMode.Create, FileAccess.ReadWrite))
{
for (int i = 0; i < 1000000; i++)
{
fs.WriteByte((byte)i);
}
}
SecureFile.WipeAndDelete(path, 3);
Assert.IsFalse(System.IO.File.Exists(path));
// Verify that calling WipeAndDelete() on a non-existant file
// does not throw an exception.
SecureFile.WipeAndDelete(path, 3);
}
//public void filldata()
//{
// ConnectionClass mycon = new ConnectionClass();
// string c_id=Request.QueryString["c_id"];
// DataFolder.DataSource = mycon.select("select * from tbl_category where c_id="+c_id);
// DataFolder.DataBind();
// }
protected void addfile_Click(object sender, EventArgs e)
{
ConnectionClass mycon = new ConnectionClass();
SecureFile sf = new SecureFile();
string cid = Request.QueryString["c_id"];
string type = mycon.GetValue("select c_name from tbl_category where c_id=" + cid);
if (type == "Text")
{
string ext = System.IO.Path.GetExtension(folderupload.FileName);
string filename = DateTime.Now.ToBinary().ToString();
string savepath = @"~\folder\" + filename + ext;
folderupload.SaveAs(Server.MapPath(savepath));
string save = MapPath("encrypt");
string source = MapPath("folder");
sf.encrypt(filename + ext, source + "//" + filename + ext, passs.Text);
mycon.iud("insert into tbl_pvt values(" + cid + ",'" + savepath + "','" + filename + "','" + sname.Text + "','" + DateTime.Now.ToString() + "','ACTIVE')");
}
else
{
string ext = System.IO.Path.GetExtension(folderupload.FileName);
string filename = DateTime.Now.ToBinary().ToString();
string savepath = @"~\folder\" + filename + ext;
folderupload.SaveAs(Server.MapPath(savepath));
mycon.iud("insert into tbl_pvt values(" + cid + ",'" + savepath + "','" + filename + "','" + sname.Text + "','" + DateTime.Now.ToString() + "','ACTIVE')");
}
Response.Write("INSERTED");
string user_id = Session["u_id"].ToString();
mycon.iud("insert into tbl_logs values('you have added file into your user folder','" + user_id + "','" + DateTime.Now.ToString() + "')");
fillfolderdata();
}
public string[] EncryptFilesWithStormshieldDataFile(string[] filePaths, string[] emailAddresses)
{
List <string> encryptedFilePaths = new List <string>();
string recipients = CSharpArrayToCmdletList(emailAddresses);
using (Stormshield.DataSecurity.Connector.API api = new Stormshield.DataSecurity.Connector.API())
{
object[] objects = api.Execute(string.Format("Get-SDSCertificate -EmailAddress {0}", recipients));
if (objects == null || objects.Length != emailAddresses.Length)
{
throw new InvalidOperationException("Certains certificats ne sont pas trouvés");
}
else
{
KeyValuePair <string, object>[] parameters = new KeyValuePair <string, object>[]
{
new KeyValuePair <string, object>("-Path", filePaths),
new KeyValuePair <string, object>("-Coworkers", objects)
};
objects = api.Execute("Protect-SDSFile", parameters);
if (objects != null)
{
foreach (object item in objects)
{
SecureFile secureFile = item as SecureFile;
encryptedFilePaths.Add(secureFile.Path);
}
}
}
}
return(encryptedFilePaths.ToArray());
}
public void SecureFile_Stream_Validate()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
SecureFile secure = null;
byte b;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.IsTrue(SecureFile.Validate(encrypted, privateKey));
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Position = 0;
Assert.IsFalse(SecureFile.Validate(encrypted, privateKey));
}
public void SecureFile_Stream_NoContent()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
Assert.AreEqual(0, decrypted.Length);
}
public void SecureFile_Stream_LargeContent()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
for (int i = 0; i < 128000; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
CollectionAssert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
original.Position = 0;
decrypted.Position = 0;
CollectionAssert.AreEqual(original.ReadBytesToEnd(), decrypted.ReadBytesToEnd());
}
public void SecureFile_File_Validate()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
byte b;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.IsTrue(SecureFile.Validate(encryptName, privateKey));
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.ReadWrite);
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Close();
Assert.IsFalse(SecureFile.Validate(encryptName, privateKey));
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
}
}
private void MainForm_Load(object sender, EventArgs e)
{
_secureFile = new SecureFile(_key);
_secureFile.ChunkUpdate += SecureFile_ChunkUpdate;
_secureFile.ProcessCompleted += SecureFile_ProcessCompleted;
if (!SecureDelete.IsPossible())
{
MessageBox.Show("Secure Deletion of Files not possible. SDelete wasn't found in this Directory. Please download it and save it inside the DataEncrypter directory.",
"No Secure Deletion", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
}
private void UpdateDatabaseOSX()
{
if (File.Exists(_macDBPath + "/" + DBNameDecrypted) == true)
{
if (File.Exists(_macDBPath + "/" + DBName) == true)
{
File.Delete(_macDBPath + "/" + DBName);
}
SecureFile.EncryptFile(_macDBPath + "/" + DBNameDecrypted, _macDBPath + "/" + DBName);
File.Delete(_macDBPath + "/" + DBNameDecrypted);
}
}
/// <summary>
/// This example demonstrates the use of the Set-SDSFileCoworker API
/// </summary>
/// <remarks>All coworkers are replaced with the specified ones (author will not be removed)</remarks>
/// <example>SetCoworkers "C:\My Folder\Document.docx.sbox" [email protected]</example>
/// <example>SetCoworkers "C:\My Folder\Document.docx.sbox" [email protected],[email protected]</example>
/// <example>SetCoworkers "C:\My Folder\Document.docx.sbox" [email protected],[email protected],[email protected]</example>
static int Main(string[] args)
{
int returnCode = 0;
try
{
if (args.Length != 2)
{
throw new ArgumentException("Missing parameters");
}
string sboxPath = args[0];
string emailAddresses = args[1];
using (API api = new API())
{
object[] objects = api.Execute("Get-SDSUser");
if (objects == null)
{
throw new InvalidOperationException("No user connected");
}
object[] certificates = api.Execute(string.Format("Get-SDSCertificate -EmailAddress {0}", emailAddresses));
if (certificates == null || certificates.Length != emailAddresses.Split(new char[] { ',' }).Length)
{
throw new InvalidOperationException("One or more certificates not found");
}
KeyValuePair <string, Object>[] parameters = new KeyValuePair <string, Object>[]
{
new KeyValuePair <string, Object>("Path", sboxPath),
new KeyValuePair <string, Object>("Coworkers", certificates)
};
objects = api.Execute("Set-SDSFileCoworker", parameters);
if (objects == null || objects.Length != 1)
{
throw new InvalidOperationException("Set-SDSFileCoworker");
}
SecureFile secureFile = objects[0] as SecureFile;
Console.WriteLine(string.Format("Return:\n{0}", secureFile.Path));
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex);
returnCode = 2;
}
return(returnCode);
}
protected void DataFolder_ItemCommand(object source, DataListCommandEventArgs e)
{
ConnectionClass mycon = new ConnectionClass();
if (e.CommandName == "delete")
{
string path = e.CommandArgument.ToString();
mycon.iud("update tbl_pvt set status='INACTIVE' where path='" + path + "'");
string user_id = Session["u_id"].ToString();
mycon.iud("insert into tbl_logs values('You have deleted a file from your Private folder','" + user_id + "','" + DateTime.Now.ToString() + "')");
}
else if (e.CommandName == "view")
{
string path = e.CommandArgument.ToString();
// done.NavigateUrl = path;
string cd = Request.QueryString["c_id"];
string u_id = mycon.GetValue("select u_id from tbl_category where c_id=" + cd);
string cdd = mycon.GetValue("select c_id from tbl_category where u_id='" + u_id + "'AND c_name='Text'");
if (Request.QueryString["c_id"].ToString() != cdd)
{
Response.Redirect(path);
}
else
{
SecureFile sf = new SecureFile();
string p = MapPath(path);
int index = path.IndexOf('-');
int len = path.Length;
string fname = path.Substring(index, len - index);
if (passs.Text != "")
{
string pth = sf.decrypt(fname, p, passs.Text);
// Response.Redirect(pth);
if (pth != "")
{
string ext = Path.GetExtension(fname);
Response.Redirect("~/folder/" + fname + "_decrypted" + ext);
}
else
{
Response.Write("INVALID PASSWORD");
}
}
}
}
fillfolderdata();
}
/// <summary>
/// This example demonstrates the use of the Get-SDSFile API
/// </summary>
/// <example>MultipleGetFile "C:\My Folder\Document.docx.sbox" "C:\My Folder\Document.xlsx.sbox" "C:\My Folder\Document.pdf.sbox"</example>
static int Main(string[] args)
{
int returnCode = 0;
try
{
if (args.Length == 0)
{
throw new ArgumentException("Missing parameters");
}
StringBuilder sboxPathes = new StringBuilder();
foreach (string arg in args)
{
sboxPathes.AppendFormat("'{0}',", arg);
}
using (API api = new API())
{
object[] objects = api.Execute("Get-SDSUser");
if (objects == null)
{
throw new InvalidOperationException("No user connected");
}
objects = api.Execute(string.Format("Get-SDSFile {0}", sboxPathes.ToString().TrimEnd(new char[] { ',' })));
if (objects == null || objects.Length != sboxPathes.ToString().Split(new char[] { ',' }).Length)
{
throw new InvalidOperationException("Get-SDSFile");
}
foreach (object o in objects)
{
SecureFile secureFile = o as SecureFile;
Console.WriteLine(string.Format("Return:\n{0}", secureFile.Path));
}
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex);
returnCode = 2;
}
return(returnCode);
}
public string[] EncryptFileWithStormshieldDataFile(string filePath)
{
List <string> encryptedFilePaths = new List <string>();
using (Stormshield.DataSecurity.Connector.API api = new Stormshield.DataSecurity.Connector.API())
{
object[] objects = api.Execute(string.Format("Protect-SDSFile '{0}'", filePath));
if (objects != null)
{
foreach (object item in objects)
{
SecureFile secureFile = item as SecureFile;
encryptedFilePaths.Add(secureFile.Path);
}
}
}
return(encryptedFilePaths.ToArray());
}
public void SecureFile_Stream_BadHash()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
byte b;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
// Munge the last byte of the hash digest and then
// confirm the this is detected
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
try
{
secure.DecryptTo(decrypted);
Assert.Fail("Corrupt hash digest not detected.");
}
catch
{
// Expecting an exception
}
}
/// <summary>
/// This example demonstrates the use of the Unprotect-SDSFile API
/// It allows a user to decrypt one or more files encrypted with Stormshield Data File component
/// </summary>
/// <example>DecryptFile C:\Document.docx.sbox</example>
/// <example>DecryptFile "C:\Document.docx.sbox,'C:\My Folder\Document.xlsx.sbox'"</example>
static int Main(string[] args)
{
int returnCode = 0;
try
{
if (args.Length != 1)
{
throw new ArgumentException("Missing parameters");
}
string sboxPathes = args[0];
using (API api = new API())
{
object[] objects = api.Execute("Get-SDSUser");
if (objects == null)
{
throw new InvalidOperationException("No user connected");
}
objects = api.Execute(string.Format("Unprotect-SDSFile {0}", sboxPathes));
if (objects == null || objects.Length != sboxPathes.Split(new char[] { ',' }).Length)
{
throw new InvalidOperationException("Unprotect-SDSFile");
}
foreach (object o in objects)
{
SecureFile secureFile = o as SecureFile;
Console.WriteLine(string.Format("Return:\n{0}", secureFile.Path));
}
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex);
returnCode = 2;
}
return(returnCode);
}
public void SecureFile_Stream_Metadata()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
DateTime createTime = Helper.UtcNowRounded - TimeSpan.FromMinutes(1);
DateTime writeTime = Helper.UtcNowRounded;
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.Properties["Foo"] = "Bar";
secure.Properties["Hello"] = "World";
secure.FileName = "Test.dat";
secure.FullPath = "c:\\test\\test.dat";
secure.CreateTimeUtc = createTime;
secure.WriteTimeUtc = writeTime;
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
Assert.AreEqual("Bar", secure.Properties["Foo"]);
Assert.AreEqual("World", secure.Properties["Hello"]);
Assert.AreEqual("Test.dat", secure.FileName);
Assert.AreEqual("c:\\test\\test.dat", secure.FullPath);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.Close();
secure = null;
Assert.AreEqual(0, decrypted.Length);
}
/// <summary>
/// This example demonstrates the use of the Remove-SDSFileCoworker API
/// </summary>
/// <example>RemoveCoworkers "C:\My Folder\Document.docx.sbox" [email protected]</example>
/// <example>RemoveCoworkers "C:\My Folder\Document.docx.sbox" [email protected],[email protected]</example>
/// <example>RemoveCoworkers "C:\My Folder\Document.docx.sbox" [email protected],[email protected],[email protected]</example>
static int Main(string[] args)
{
int returnCode = 0;
try
{
if (args.Length != 2)
{
throw new ArgumentException("Missing parameters");
}
string sboxPath = args[0];
string emailAddresses = args[1];
using (API api = new API())
{
object[] objects = api.Execute("Get-SDSUser");
if (objects == null)
{
throw new InvalidOperationException("No user connected");
}
objects = api.Execute(string.Format("Remove-SDSFileCoworker '{0}' -EmailAddress {1}", sboxPath, emailAddresses));
if (objects == null || objects.Length != 1)
{
throw new InvalidOperationException("Remove-SDSFileCoworker");
}
SecureFile secureFile = objects[0] as SecureFile;
Console.WriteLine(string.Format("Return:\n{0}", secureFile.Path));
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex);
returnCode = 2;
}
return(returnCode);
}
public void SecureFile_Stream_GetPublicKey()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
SecureFile secure = null;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
// Verify that the public key is saved when requested (the default)
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.AreEqual(publicKey, SecureFile.GetPublicKey(encrypted));
// Verify that the public key is not saved if SavePublicKey=false
encrypted.SetLength(0);
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.IsNull(SecureFile.GetPublicKey(encrypted));
}
private void SelectFile_button_Click(object sender, EventArgs e)
{
using (var fileDialog = new OpenFileDialog())
{
fileDialog.InitialDirectory = "";
fileDialog.Filter = "All files (*.*)|*.*";
fileDialog.FilterIndex = 0;
fileDialog.RestoreDirectory = true;
if (fileDialog.ShowDialog() == DialogResult.OK)
{
if (_filePath != fileDialog.FileName)
{
//Get the path of specified file
_filePath = fileDialog.FileName;
fileName_label.Text = Path.GetFileName(_filePath);
//check if its a secure file
if (SecureFile.IsSecureFile(_filePath))
{
mode_comboBox.SelectedItem = mode_comboBox.Items[1];
_isSecureFile = true;
}
else
{
mode_comboBox.SelectedItem = mode_comboBox.Items[0];
}
LogMessage(CreateFileInfo(_filePath));
key_textBox.Enabled = true;
}
}
}
CheckKey();
}
public void SecureFile_File_KeyChain()
{
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
SecureFile secure = null;
try
{
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
// Verify that SecureFile can find the correct private key in the key chain.
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
var keyChain = new KeyChain();
var decrypted = new EnhancedMemoryStream();
keyChain.Add(privateKey);
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
CollectionAssert.AreEqual(original.ToArray(), decrypted.ToArray());
// Verify that SecureFile throws a CryptographicException if the
// key is not present in the chain.
keyChain.Clear();
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
// Verify that SecureFile throws a CryptographicException if the
// public key was not saved to the file.
keyChain.Add(privateKey);
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
}
finally
{
System.IO.File.Delete(encryptName);
}
}
private void CreateDatabaseLogicForMac()
{
if (Directory.Exists(_macDBPath) == true)
{
if (File.Exists(_macDBPath + "/" + DBName) == true)
{
if (File.Exists(_macDBPath + "/" + DBNameDecrypted) == true)
{
if (File.Exists(_macDBPath + "/" + DBName) == true)
{
File.Delete(_macDBPath + "/" + DBName);
}
SecureFile.EncryptFile(_macDBPath + "/" + DBNameDecrypted, _macDBPath + "/" + DBName);
}
else
{
SecureFile.DecryptFile(_macDBPath + "/" + DBName, _macDBPath + "/" + DBNameDecrypted);
}
string __foundVersion = CheckBundleVersion();
if (__foundVersion != CurrentBundleVersion.version)
{
if (File.Exists(_macDBPath + "/" + DBName) == true)
{
File.Delete(_macDBPath + "/" + DBName);
}
if (File.Exists(_macDBPath + "/" + DBNameDecrypted) == true)
{
File.Delete(_macDBPath + "/" + DBNameDecrypted);
}
File.Copy(Application.streamingAssetsPath + "/" + DBName, _macDBPath + "/" + DBName, true);
SecureFile.DecryptFile(_macDBPath + "/" + DBName, _macDBPath + "/" + DBNameDecrypted);
InsertBundleVersionDataInDatabase(CurrentBundleVersion.version);
}
}
else
{
File.Copy(Application.streamingAssetsPath + "/" + DBName, _macDBPath + "/" + DBName, true);
if (File.Exists(_macDBPath + "/" + DBNameDecrypted) == true)
{
if (File.Exists(_macDBPath + "/" + DBName) == true)
{
File.Delete(_macDBPath + "/" + DBName);
}
SecureFile.EncryptFile(_macDBPath + "/" + DBNameDecrypted, _macDBPath + "/" + DBName);
}
else
{
SecureFile.DecryptFile(_macDBPath + "/" + DBName, _macDBPath + "/" + DBNameDecrypted);
}
}
}
else
{
Directory.CreateDirectory(_macDBPath);
File.Copy(Application.streamingAssetsPath + "/" + DBName, _macDBPath + "/" + DBName, true);
SecureFile.DecryptFile(_macDBPath + "/" + DBName, _macDBPath + "/" + DBNameDecrypted);
InsertBundleVersionDataInDatabase(CurrentBundleVersion.version);
}
}
public void SecureFile_File_BadHash()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string decryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
byte b;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
// Munge the last byte of the hash digest and then confirm
// that the bad hash is detected.
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.ReadWrite);
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Close();
encrypted = null;
ExtendedAssert.Throws <CryptographicException>(
() =>
{
secure = new SecureFile(encryptName, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decryptName);
});
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
try { System.IO.File.Delete(originalName); } catch { }
try { System.IO.File.Delete(encryptName); } catch { }
try { System.IO.File.Delete(decryptName); } catch { }
}
}
public void SecureFile_File_Metadata()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string decryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
EnhancedStream decrypted = null;
SecureFile secure = null;
DateTime createTime = Helper.UtcNowRounded - TimeSpan.FromMinutes(1);
DateTime writeTime = Helper.UtcNowRounded;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
Directory.SetCreationTimeUtc(originalName, createTime);
Directory.SetLastWriteTimeUtc(originalName, writeTime);
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.Properties["Foo"] = "Bar";
secure.Properties["Hello"] = "World";
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
Assert.AreEqual(Path.GetFileName(originalName), secure.FileName);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.Close();
secure = null;
secure = new SecureFile(encryptName, SecureFileMode.Decrypt, privateKey);
Assert.AreEqual("Bar", secure.Properties["Foo"]);
Assert.AreEqual("World", secure.Properties["Hello"]);
Assert.AreEqual(Path.GetFileName(originalName), secure.FileName);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.DecryptTo(decryptName);
secure.Close();
secure = null;
Assert.AreEqual(createTime, Directory.GetCreationTimeUtc(decryptName));
Assert.AreEqual(writeTime, Directory.GetLastWriteTimeUtc(decryptName));
original = new EnhancedFileStream(originalName, FileMode.Open, FileAccess.Read);
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.Read);
decrypted = new EnhancedFileStream(decryptName, FileMode.Open, FileAccess.Read);
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
original.Position = 0;
decrypted.Position = 0;
CollectionAssert.AreEqual(original.ReadBytesToEnd(), decrypted.ReadBytesToEnd());
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
if (decrypted != null)
{
decrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
System.IO.File.Delete(decryptName);
}
}
/// <summary>
/// Implements the background thread.
/// </summary>
private void DownloadThread()
{
DateTime lastWarningTime = DateTime.MinValue;
PolledTimer pollTimer;
bool resetTimer;
try
{
// Initialize the GeoTracker file folder
try
{
Helper.CreateFileTree(dataPath);
if (File.Exists(downloadPath))
{
SysLog.LogWarning("GeoTracker: Deleting existing temporary [{0}] file on startup.", downloadPath);
Helper.DeleteFile(downloadPath);
}
if (File.Exists(decryptedPath))
{
SysLog.LogWarning("GeoTracker: Deleting existing temporary [{0}] file on startup.", decryptedPath);
Helper.DeleteFile(decryptedPath);
}
}
catch (Exception e)
{
SysLog.LogException(e);
}
// Initalize the poll timer. We'll schedule an immediate download if the data file does
// not exist, otherwise we'll delay the polling for a random period of time between
// 0 and 15 minutes in the hope that we'll end up staggering the polling times across
// the server cluster (so we won't hammer the source website).
pollTimer = new PolledTimer(settings.IPGeocodeSourcePollInterval, false);
resetTimer = false;
if (!File.Exists(dataPath))
{
pollTimer.FireNow();
}
else
{
pollTimer.ResetRandomTemporary(TimeSpan.Zero, TimeSpan.FromMinutes(15));
}
// The polling loop.
while (true)
{
if (stopPending)
{
return;
}
try
{
if (pollDataNow)
{
pollTimer.FireNow();
pollDataNow = false;
}
if (pollTimer.HasFired)
{
DateTime fileDateUtc = DateTime.UtcNow;
bool isUpdate = false;
double fileSize = 0;
ElapsedTimer downloadTimer;
HttpWebRequest request;
HttpWebResponse response;
HttpStatusCode statusCode;
resetTimer = true;
// If a database file already exists then extract its last modify
// date and use this in an If-Modified-Since request to the source
// website to see if there's an updated file.
if (File.Exists(dataPath))
{
request = (HttpWebRequest)WebRequest.Create(settings.IPGeocodeSourceUri);
request.Timeout = (int)TimeSpan.FromSeconds(30).TotalMilliseconds;
isUpdate = true;
fileDateUtc = File.GetLastWriteTimeUtc(dataPath);
request.Method = "HEAD";
request.IfModifiedSince = fileDateUtc;
try
{
using (response = (HttpWebResponse)request.GetResponse())
statusCode = response.StatusCode;
}
catch (WebException e)
{
statusCode = ((HttpWebResponse)e.Response).StatusCode;
}
if (statusCode == HttpStatusCode.NotModified)
{
// The source website does not have an updated file. I'm going to
// do one extra check to see if the file we have is more than 45
// days old and log a warning. Note that we're going to issue this
// warning only once a week while the service is running.
if (DateTime.UtcNow - fileDateUtc < TimeSpan.FromDays(45) || DateTime.UtcNow - lastWarningTime >= TimeSpan.FromDays(7))
{
continue;
}
lastWarningTime = DateTime.UtcNow;
const string warning =
@"GeoTracker: The local copy of the MaxMind GeoIP City or GeoLite City database is [{0}] days old
and should be updated. You may need to download a new copy of the database from http://maxmind.com,
decompress it and upload it to the source website at [{1}].
Note: Make sure that the website is configured with the [.DAT=application/octet-stream] MIME mapping.";
SysLog.LogWarning(warning, (int)(DateTime.UtcNow - fileDateUtc).TotalDays, settings.IPGeocodeSourceUri);
continue;
}
}
// Download the database to the temporary download file.
Helper.DeleteFile(downloadPath);
downloadTimer = new ElapsedTimer(true);
fileSize = Helper.WebDownload(settings.IPGeocodeSourceUri, downloadPath, settings.IPGeocodeSourceTimeout, out response);
downloadTimer.Stop();
// Set the file times to match the Last-Modified header received from the website (it any).
string lastModified = response.Headers["Last-Modified"];
if (lastModified != null)
{
try
{
fileDateUtc = Helper.ParseInternetDate(lastModified);
File.SetCreationTimeUtc(downloadPath, fileDateUtc);
File.SetLastWriteTimeUtc(downloadPath, fileDateUtc);
}
catch (Exception e)
{
SysLog.LogException(e, "GeoTracker: Website for [{0}] returned invalid Last-Modified header [{1}].",
settings.IPGeocodeSourceUri, lastModified);
}
}
// Decrypt the file and set its file dates.
var keyChain = new KeyChain(settings.IPGeocodeSourceRsaKey);
using (var secureFile = new SecureFile(downloadPath, keyChain))
{
secureFile.DecryptTo(decryptedPath);
}
File.SetCreationTimeUtc(decryptedPath, fileDateUtc);
File.SetLastWriteTimeUtc(decryptedPath, fileDateUtc);
// Verify the decrypted data file and then swap in new file.
const string info =
@"GeoTracker: {0} of IP-to-location database from [{1}] completed.
Downloaded [{2:#.#}MB] bytes in [{3}].";
SysLog.LogInformation(info, isUpdate ? "Update download" : "Initial download", settings.IPGeocodeSourceUri, fileSize / (1024 * 1024), downloadTimer.ElapsedTime);
// Create a new MaxMind lookup intance and then swap it in without interrupting
// any queries in progress.
try
{
LookupService newMaxMind;
newMaxMind = new LookupService(decryptedPath, LookupService.GEOIP_MEMORY_CACHE);
newMaxMind.close();
maxMind = newMaxMind;
UpdateCount++;
}
catch (Exception e)
{
SysLog.LogException(e);
SysLog.LogError("GeoTracker: The MaxMind downloaded database file [{0}] appears to be corrupted. This will be deleted so the downloader can get a fresh copy.", downloadPath);
}
lock (syncLock)
{
Helper.DeleteFile(dataPath);
File.Copy(decryptedPath, dataPath);
File.SetCreationTimeUtc(dataPath, fileDateUtc);
File.SetLastWriteTimeUtc(dataPath, fileDateUtc);
}
// Delete the temporary files.
Helper.DeleteFile(decryptedPath);
Helper.DeleteFile(downloadPath);
}
}
catch (WebException e)
{
SysLog.LogException(e);
SysLog.LogWarning("GeoTracker: The download of the MaxMind database file has failed. The service will try again in 1 minute.");
pollTimer.ResetTemporary(TimeSpan.FromMinutes(1));
resetTimer = false;
}
catch (ThreadAbortException e)
{
SysLog.LogException(e);
throw;
}
catch (Exception e)
{
SysLog.LogException(e);
}
finally
{
if (resetTimer)
{
resetTimer = false;
pollTimer.Reset();
}
}
Thread.Sleep(settings.BkInterval);
}
}
finally
{
running = false;
}
}
public void SecureFile_File_GetPublicKey()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
// Verify that the public key is saved if requested
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.AreEqual(publicKey, SecureFile.GetPublicKey(encryptName));
// Verify that the public key is not saved, if SavePublicKey=false
System.IO.File.Delete(encryptName);
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.IsNull(SecureFile.GetPublicKey(encryptName));
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
}
}
/// <summary>
/// This example demonstrates the use of the Protect-SDSFile API
/// It allows a user to encrypt a file with Stormshield Data File component.
/// </summary>
/// <example>EncryptFile C:\Document.docx</example>
/// <example>EncryptFile C:\Document.docx [email protected]</example>
/// <example>EncryptFile C:\Document.docx [email protected],[email protected]</example>
static int Main(string[] args)
{
int returnCode = 0;
try
{
if (args.Length == 0)
{
throw new ArgumentException("Missing parameters");
}
string filePath = args[0];
using (API api = new API())
{
object[] objects = api.Execute("Get-SDSUser");
if (objects == null)
{
throw new InvalidOperationException("No user connected");
}
if (args.Length == 1)
{
// with no email addresses, the file is encrypted for the currently connected user
//objects = api.Execute(string.Format("Protect-SDSFile '{0}'", filePath));
objects = api.Execute("Protect-SDSFile C:\\a\\a.docx");
}
else
{
string emailAddresses = args[1];
object[] certificates = api.Execute(string.Format("Get-SDSCertificate -EmailAddress {0}", emailAddresses));
if (certificates == null || certificates.Length != emailAddresses.Split(new char[] { ',' }).Length)
{
throw new InvalidOperationException("One or more certificates not found");
}
KeyValuePair <string, object>[] parameters = new KeyValuePair <string, object>[]
{
new KeyValuePair <string, object>("-Path", filePath),
new KeyValuePair <string, object>("-Coworkers", certificates)
};
objects = api.Execute("Protect-SDSFile", parameters);
}
if (objects == null || objects.Length != 1)
{
throw new InvalidOperationException("Protect-SDSFile");
}
SecureFile secureFile = objects[0] as SecureFile;
Console.WriteLine(string.Format("Return:\n{0}", secureFile.Path));
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex);
returnCode = 2;
}
return(returnCode);
}
private static int DecryptSecureFile(string[] args)
{
CommandLine cmdLine = new CommandLine(args, false);
string inPath = cmdLine.GetOption("in", null);
string outPath = cmdLine.GetOption("out", null);
string keyChainOption = cmdLine.GetOption("keychain", null);
KeyChain keyChain = null;
if (inPath == null)
{
Program.Error("[-in:<path>] command line option is required.");
return(1);
}
if (outPath == null)
{
Program.Error("[-out:<path>] command line option is required.");
return(1);
}
if (keyChainOption != null)
{
string keyPath;
int pos;
SymmetricKey symkey;
pos = keyChainOption.IndexOf(';');
if (pos != -1)
{
// Keychain file is encrypted.
keyPath = keyChainOption.Substring(0, pos);
symkey = new SymmetricKey(keyChainOption.Substring(pos + 1));
keyChain = new KeyChain(symkey, File.ReadAllBytes(keyPath));
}
else
{
// Keychain file is not encrypted.
keyChain = new KeyChain();
using (var input = new StreamReader(keyChainOption))
{
for (var line = input.ReadLine(); line != null; line = input.ReadLine())
{
var trimmed = line.Trim();
if (trimmed.Length == 0 || trimmed.StartsWith("//") || trimmed.StartsWith("--"))
{
continue;
}
keyChain.Add(trimmed);
}
}
}
if (keyChain.Count == 0)
{
Program.Error("The keychain is empty.");
return(1);
}
}
else
{
keyChain = new KeyChain();
}
var keys = cmdLine.GetOptionValues("key");
foreach (var key in keys)
{
keyChain.Add(key);
}
if (keyChain.Count == 0)
{
Program.Error("A private RSA key must be specified using a [-key] or [-keychain] option.");
return(1);
}
using (var secureFile = new SecureFile(inPath, keyChain))
{
secureFile.DecryptTo(outPath);
}
return(0);
}
