// ---------------------------------------------------------------------------------------------------
// OLD routines now below
// do not use anymore
// routines above offer increased security characteristics per PABP
// ---------------------------------------------------------------------------------------------------
public static String UnmungeStringOld(String s)
{
SecurityParams p = GetSecurityParams();
String tmpS = new EncryptOld().DecryptData(p.EncryptKey, s);
return(tmpS);
}
public async Task <IActionResult> SecurityRestriction(SecurityRestrictionViewModel model)
{
if (ModelState.IsValid)
{
_userManager.Options.Lockout.MaxFailedAccessAttempts = model.NbTentatives;
_userManager.Options.Password.RequiredLength = model.RequiredLength;
_userManager.Options.Password.RequireDigit = model.RequireDigit;
_userManager.Options.Password.RequireNonAlphanumeric = model.RequireNonAlphanumeric;
_userManager.Options.Password.RequireUppercase = model.RequireUppercase;
_userManager.Options.Password.RequireLowercase = model.RequireLowercase;
if (_dbContext.SecurityParams.Any())
{
_dbContext.SecurityParams.FirstOrDefault().FailedLoginDelay = model.FailedLoginDelay;
}
else
{
var secParams = new SecurityParams
{
FailedLoginDelay = model.FailedLoginDelay
};
_dbContext.SecurityParams.Add(secParams);
}
await _dbContext.SaveChangesAsync();
ModelState.AddModelError(string.Empty, "Saved");
}
return(View(nameof(SecurityRestriction), model));
}
private static List <GrpcChannel> CreateChannels(
int clientChannels,
IEnumerable <string> serverTargets,
SecurityParams securityParams,
ILoggerFactory clientLoggerFactory)
{
GrpcPreconditions.CheckArgument(clientChannels > 0, "clientChannels needs to be at least 1.");
GrpcPreconditions.CheckArgument(serverTargets.Count() > 0, "at least one serverTarget needs to be specified.");
var result = new List <GrpcChannel>();
for (var i = 0; i < clientChannels; i++)
{
var target = serverTargets.ElementAt(i % serverTargets.Count());
// Contents of "securityParams" (useTestCa and sslTargetHostOverride) are basically ignored.
// Instead the client just uses TLS and disable any certificate checks.
var prefix = (securityParams == null) ? "http://" : "https://";
var channel = GrpcChannel.ForAddress(prefix + target, new GrpcChannelOptions
{
HttpHandler = new SocketsHttpHandler
{
EnableMultipleHttp2Connections = true,
SslOptions = new SslClientAuthenticationOptions
{
// Ignore TLS certificate errors.
RemoteCertificateValidationCallback = (_, __, ___, ____) => true
}
},
LoggerFactory = clientLoggerFactory
});
result.Add(channel);
}
return(result);
}
// ---------------------------------------------------------------------------------------------------
// OLD routines now below
// do not use anymore
// routines above offer increased security characteristics per PABP
// ---------------------------------------------------------------------------------------------------
public static String MungeStringOld(String s)
{
SecurityParams p = GetSecurityParams();
String tmpS = new EncryptOld().EncryptData(p.EncryptKey, s); // we removed s.ToLowerInvariant() from this call in v5.8!!
return(tmpS);
}
/// <summary>
/// Overload for backwards compatibility. If no security params are passed, the default values will be used.
/// </summary>
/// <param name="SecurityAction">Brief description of the security event</param>
/// <param name="Description">Full description of the security event</param>
/// <param name="CustomerUpdated">The customer ID which the event targeted (eg. password change event)</param>
/// <param name="UpdatedBy">The ID of the initiating customer or administrator</param>
/// <param name="CustomerSessionID">The session ID of the initiating customer or administrator</param>
/// <returns></returns>
public static String LogEvent(String SecurityAction, String Description, int CustomerUpdated, int UpdatedBy, int CustomerSessionID)
{
string err = String.Empty;
SecurityParams spa = GetSecurityParams();
LogEvent(SecurityAction, Description, CustomerUpdated, UpdatedBy, CustomerSessionID, spa);
return(err);
}
public static String MungeString(String s, String SaltKey, SecurityParams p)
{
if (s.Length == 0)
{
return(s);
}
Encrypt e = new Encrypt(p.EncryptKey, p.InitializationVector, 4, 4, p.KeySize, p.HashAlgorithm, SaltKey, p.EncryptIterations);
String tmpS = e.EncryptData(s);
return(tmpS);
}
public static String UnmungeString(String s, String SaltKey, SecurityParams p)
{
if (s.Length == 0)
{
return(s);
}
try
{
Encrypt e = new Encrypt(p.EncryptKey, p.InitializationVector, 4, 4, p.KeySize, p.HashAlgorithm, SaltKey, p.EncryptIterations);
String tmpS = e.DecryptData(s);
return(tmpS);
}
catch
{
//return "Error: Decrypt Failed";
// to make sure when comparing the StartsWith
return(ro_DecryptFailedPrefix + " Decrypt Failed");
}
}
public static string MungeString(string value, string saltKey, SecurityParams securityParams)
{
if (string.IsNullOrEmpty(value))
{
return(value);
}
var encrypt = new Encrypt(
passPhrase: securityParams.EncryptKey,
initVector: securityParams.InitializationVector,
minSaltLen: 4,
maxSaltLen: 4,
keySize: securityParams.KeySize,
hashAlgorithm: securityParams.HashAlgorithm,
saltValue: saltKey,
passwordIterations: securityParams.EncryptIterations);
return(encrypt.EncryptData(value));
}
private static List <Channel> CreateChannels(int clientChannels, IEnumerable <string> serverTargets, SecurityParams securityParams)
{
GrpcPreconditions.CheckArgument(clientChannels > 0, "clientChannels needs to be at least 1.");
GrpcPreconditions.CheckArgument(serverTargets.Count() > 0, "at least one serverTarget needs to be specified.");
var credentials = securityParams != null?TestCredentials.CreateSslCredentials() : ChannelCredentials.Insecure;
List <ChannelOption> channelOptions = null;
if (securityParams != null && securityParams.ServerHostOverride != "")
{
channelOptions = new List <ChannelOption>
{
new ChannelOption(ChannelOptions.SslTargetNameOverride, securityParams.ServerHostOverride)
};
}
var result = new List <Channel>();
for (int i = 0; i < clientChannels; i++)
{
var target = serverTargets.ElementAt(i % serverTargets.Count());
var channel = new Channel(target, credentials, channelOptions);
result.Add(channel);
}
return(result);
}
private static List<Channel> CreateChannels(int clientChannels, IEnumerable<string> serverTargets, SecurityParams securityParams)
{
GrpcPreconditions.CheckArgument(clientChannels > 0, "clientChannels needs to be at least 1.");
GrpcPreconditions.CheckArgument(serverTargets.Count() > 0, "at least one serverTarget needs to be specified.");
var credentials = securityParams != null ? TestCredentials.CreateSslCredentials() : ChannelCredentials.Insecure;
List<ChannelOption> channelOptions = null;
if (securityParams != null && securityParams.ServerHostOverride != "")
{
channelOptions = new List<ChannelOption>
{
new ChannelOption(ChannelOptions.SslTargetNameOverride, securityParams.ServerHostOverride)
};
}
var result = new List<Channel>();
for (int i = 0; i < clientChannels; i++)
{
var target = serverTargets.ElementAt(i % serverTargets.Count());
var channel = new Channel(target, credentials, channelOptions);
result.Add(channel);
}
return result;
}
public static String MungeString(String s, SecurityParams p)
{
return(MungeString(s, String.Empty, p));
}
/// <summary>
/// Writes an event to the encrypted system security log
/// This method is used for PA-DSS compliance
/// </summary>
/// <param name="SecurityAction">Brief description of the security event</param>
/// <param name="Description">Full description of the security event</param>
/// <param name="CustomerUpdated">The customer ID which the event targeted (eg. password change event)</param>
/// <param name="UpdatedBy">The ID of the initiating customer or administrator</param>
/// <param name="CustomerSessionID">The session ID of the initiating customer or administrator</param>
/// <param name="SecurityParameters">Security parameter object allowing the developer to control how strings are encrypted</param>
/// <returns></returns>
public static String LogEvent(String SecurityAction, String Description, int CustomerUpdated, int UpdatedBy, int CustomerSessionID, SecurityParams SecurityParameters)
{
String err = String.Empty;
SqlConnection cn = new SqlConnection(DB.GetDBConn());
cn.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = cn;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "dbo.aspdnsf_SecurityLogInsert";
cmd.Parameters.Add(new SqlParameter("@SecurityAction", SqlDbType.NVarChar, 200));
cmd.Parameters.Add(new SqlParameter("@Description", SqlDbType.NText));
cmd.Parameters.Add(new SqlParameter("@CustomerUpdated", SqlDbType.Int, 4));
cmd.Parameters.Add(new SqlParameter("@UpdatedBy", SqlDbType.Int, 4));
cmd.Parameters.Add(new SqlParameter("@CustomerSessionID", SqlDbType.Int, 4));
cmd.Parameters.Add(new SqlParameter("@logid", SqlDbType.BigInt, 8)).Direction = ParameterDirection.Output;
cmd.Parameters["@SecurityAction"].Value = MungeString(SecurityAction, SecurityParameters);
cmd.Parameters["@Description"].Value = MungeString(Description, SecurityParameters);
cmd.Parameters["@CustomerUpdated"].Value = CustomerUpdated;
cmd.Parameters["@UpdatedBy"].Value = UpdatedBy;
cmd.Parameters["@CustomerSessionID"].Value = CustomerSessionID;
try
{
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
err = ex.Message;
}
cn.Close();
cmd.Dispose();
cn.Dispose();
return(err);
}
