        /// <summary>
        /// Sends <paramref name="request"/> with the optional <paramref name="body"/> encrypted under the
        /// client's stored symmetric key, and with the device certificate (also encrypted under that key)
        /// attached in the "device_cert" header.
        /// </summary>
        /// <param name="request">Request to decorate and submit; "client"/"identifier" headers are added to it.</param>
        /// <param name="body">Plain-text payload; when null or empty no request body is attached.</param>
        /// <returns>
        /// Whatever <c>SubmitRequest</c> returns, or <c>default(TClass)</c> when the certificate referenced by
        /// the "device_thumbprint" setting cannot be found in the My store.
        /// </returns>
        public TClass ExecuteSymKeyEncryption <TClass>(RestRequest request, string body) where TClass : new()
        {
            var identity = DtoGobalSettings.ClientIdentity;
            request.AddHeader("client", identity.Name);
            request.AddHeader("identifier", identity.Guid);

            // The symmetric key is stored ServiceDP-protected together with its entropy; unwrap it here.
            // NOTE(review): the unwrapped key stays in this byte[] until the GC reclaims it — nothing zeroes
            // it, and SubmitRequest receives the same array.
            var settings     = new ServiceSetting();
            var entropyBytes = Convert.FromBase64String(settings.GetSetting("entropy").Value);
            var wrappedKey   = Convert.FromBase64String(settings.GetSetting("encryption_key").Value);
            var symKey       = ServiceDP.DecryptData(wrappedKey, true, entropyBytes);

            if (!string.IsNullOrEmpty(body))
            {
                var bodyCipherText = new ServiceSymmetricEncryption().EncryptData(symKey, body);
                request.AddParameter("text/xml", bodyCipherText, ParameterType.RequestBody);
            }

            // Without the device certificate the call is abandoned (the body above has already been attached
            // to the request object at that point, exactly as before).
            var thumbprint = new ServiceSetting().GetSetting("device_thumbprint").Value;
            var deviceCert = ServiceCertificate.GetCertificateFromStore(thumbprint, StoreName.My);
            if (deviceCert == null)
            {
                return default(TClass);
            }

            var certCipherText = new ServiceSymmetricEncryption().EncryptData(symKey, Convert.ToBase64String(deviceCert.RawData));
            request.AddHeader("device_cert", Convert.ToBase64String(certCipherText));

            return SubmitRequest<TClass>(request, symKey);
        }
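        /// <summary>
        /// Replaces the stored server (HMAC) key and CA thumbprint. The key bytes are protected with
        /// <c>ServiceDP.EncryptData</c> under fresh 16-byte random entropy; entropy, protected key and
        /// thumbprint are persisted as the "server_key_entropy", "server_key" and "ca_thumbprint" settings.
        /// </summary>
        /// <param name="key">New server key as text; converted to bytes with ASCII encoding (see note below).</param>
        /// <param name="thumbprint">Thumbprint of the CA certificate to record; stored verbatim.</param>
        /// <returns>Always <c>true</c>; failures surface as exceptions from the settings or crypto layers.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
        public bool Reset(string key, string thumbprint)
        {
            if (key == null)
            {
                // Encoding.GetBytes(null) threw the same exception type further down; fail early instead.
                throw new ArgumentNullException("key");
            }

            Logger.Info("Resetting Server Key");

            var entropy = new byte[16];
            // RNGCryptoServiceProvider is IDisposable; the original instance was never released.
            using (var rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(entropy);
            }

            // NOTE(review): ASCII encoding replaces any non-ASCII character with '?', so such a key would be
            // stored (and later used for HMAC) in a mangled form. Kept as-is because the server must derive
            // the same bytes; confirm the key's character set before changing the encoding.
            var serverKeyBytes = Encoding.ASCII.GetBytes(key);
            byte[] encryptedKey;
            try
            {
                encryptedKey = ServiceDP.EncryptData(serverKeyBytes, true, entropy);
            }
            finally
            {
                // Wipe the plaintext key as soon as it has been wrapped (assumes EncryptData does not
                // retain the input buffer).
                Array.Clear(serverKeyBytes, 0, serverKeyBytes.Length);
            }

            // Writes happen in the original order: entropy, key, thumbprint. There is no transaction, so a
            // failure between the first two writes leaves a stored key that no longer matches its entropy.
            var serviceSetting   = new ServiceSetting();
            var serverKeyEntropy = serviceSetting.GetSetting("server_key_entropy");

            serverKeyEntropy.Value = Convert.ToBase64String(entropy);
            serviceSetting.UpdateSettingValue(serverKeyEntropy);

            var serverKey = serviceSetting.GetSetting("server_key");

            serverKey.Value = Convert.ToBase64String(encryptedKey);
            serviceSetting.UpdateSettingValue(serverKey);

            var caThumbprint = serviceSetting.GetSetting("ca_thumbprint");

            caThumbprint.Value = thumbprint;
            serviceSetting.UpdateSettingValue(caThumbprint);

            Logger.Info("Resetting Server Key Finished");
            return(true);
        }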
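        /// <summary>
        /// Submits <paramref name="request"/> with <paramref name="body"/> encrypted under the client's symmetric
        /// key and the device certificate attached, and streams the raw response into <paramref name="destination"/>.
        /// </summary>
        /// <param name="request">Request to decorate and submit; "client"/"identifier" headers are added to it.</param>
        /// <param name="body">Plain-text payload; required.</param>
        /// <param name="destination">Path of the file to create; an existing file is overwritten.</param>
        /// <returns>
        /// <c>true</c> when at least one byte was written; <c>false</c> when the device certificate is missing,
        /// the response was empty, or an exception occurred. On failure no zero-byte or partial file is left at
        /// <paramref name="destination"/> (best effort).
        /// </returns>
        /// <exception cref="ArgumentException"><paramref name="body"/> is null or empty.</exception>
        public bool DownloadFile(RestRequest request, string body, string destination)
        {
            if (string.IsNullOrEmpty(body))
            {
                // Same exception type as before, but with a real message and the parameter name.
                throw new ArgumentException("Request body must not be null or empty.", "body");
            }

            request.AddHeader("client", DtoGobalSettings.ClientIdentity.Name);
            request.AddHeader("identifier", DtoGobalSettings.ClientIdentity.Guid);

            // Unwrap the ServiceDP-protected symmetric key (stored next to its entropy).
            var serviceSetting = new ServiceSetting();
            var entropy        = serviceSetting.GetSetting("entropy");
            var encryptedKey   = serviceSetting.GetSetting("encryption_key");
            var decryptedKey   = ServiceDP.DecryptData(Convert.FromBase64String(encryptedKey.Value), true,
                                                       Convert.FromBase64String(entropy.Value));

            var encryptedContent = new ServiceSymmetricEncryption().EncryptData(decryptedKey, body);
            request.AddParameter("text/xml", encryptedContent, ParameterType.RequestBody);

            var deviceThumbprint = new ServiceSetting().GetSetting("device_thumbprint");
            var deviceCert       = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);

            if (deviceCert == null)
            {
                return(false);
            }

            var encryptedCert = new ServiceSymmetricEncryption().EncryptData(decryptedKey,
                                                                             Convert.ToBase64String(deviceCert.RawData));
            request.AddHeader("device_cert", Convert.ToBase64String(encryptedCert));

            // NOTE(review): destination is used as given; callers are responsible for ensuring it is a
            // trusted path (nothing here prevents writing outside an intended directory).
            try
            {
                _log.Debug(request.Resource);
                bool receivedData;
                using (var stream = File.Create(destination, 4096))
                {
                    request.ResponseWriter = (responseStream) => responseStream.CopyTo(stream);
                    _client.DownloadData(request);
                    // DownloadData exposes no status or error detail; an empty stream is the only failure signal.
                    receivedData = stream.Length > 0;
                }

                if (!receivedData)
                {
                    // Previously a zero-byte file was left behind, which callers could mistake for a download.
                    DeletePartialDownload(destination);
                    return(false);
                }
                return(true);
            }
            catch (Exception ex)
            {
                _log.Error("Could Not Save File: " + destination);
                _log.Error(ex.Message);
                // File.Create may already have truncated/created the target; do not leave the remnant.
                DeletePartialDownload(destination);
                return(false);
            }
        }

        /// <summary>
        /// Best-effort removal of a failed download at <paramref name="path"/>; never throws.
        /// </summary>
        private void DeletePartialDownload(string path)
        {
            try
            {
                if (File.Exists(path))
                {
                    File.Delete(path);
                }
            }
            catch (IOException)
            {
                _log.Debug("Could Not Remove Partial File: " + path);
            }
            catch (UnauthorizedAccessException)
            {
                _log.Debug("Could Not Remove Partial File: " + path);
            }
        }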
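        /// <summary>
        /// Submits <paramref name="request"/> authenticated with the "amx" HMAC scheme:
        /// <c>Authorization: amx {computerName}:{signature}:{nonce}:{timestamp}</c>, where the signature is
        /// HMAC-SHA256 over computerName + HTTP method + url-encoded lower-cased URL + unix timestamp + nonce +
        /// base64(MD5(body)), keyed with the stored ServiceDP-protected server key.
        /// </summary>
        /// <param name="request">Request to sign and submit; its RequestBody parameter (if any) is folded into the signature.</param>
        /// <param name="computerName">Identity the server uses to look up the shared key.</param>
        /// <returns>Whatever <c>SubmitRequest</c> returns.</returns>
        public TClass ExecuteHMAC <TClass>(RestRequest request, string computerName) where TClass : new()
        {
            // Unix time in whole seconds. Convert.ToUInt64(double) rounds to nearest, so both ends must agree
            // on that (presumably used with the nonce for replay-window checks on the server).
            var epochStart       = new DateTime(1970, 01, 01, 0, 0, 0, 0, DateTimeKind.Utc);
            var requestTimeStamp = Convert.ToUInt64((DateTime.UtcNow - epochStart).TotalSeconds).ToString();

            // NOTE(review): a Guid is used as the nonce. It is unique but not documented as a CSPRNG output;
            // confirm that is acceptable for the server's replay protection.
            var nonce = Guid.NewGuid().ToString("N");

            // ToLowerInvariant instead of ToLower(): UrlEncode output is ASCII, and culture-sensitive lower-casing
            // (e.g. tr-TR mapping 'I' to dotless ı) would produce a signature the server cannot reproduce.
            var url = HttpUtility.UrlEncode(_client.BaseUrl + request.Resource).ToLowerInvariant();

            var requestContentBase64String = string.Empty;
            var body = request.Parameters.FirstOrDefault(p => p.Type == ParameterType.RequestBody);
            if (body != null)
            {
                // MD5 here is a content tag covered by the HMAC, dictated by the server's scheme, so it cannot be
                // swapped unilaterally. ASCII encoding replaces non-ASCII characters with '?'; kept for wire
                // compatibility — if bodies can contain such characters the server must use the same encoding.
                var content = Encoding.ASCII.GetBytes(body.Value.ToString());
                using (var md5 = MD5.Create())   // IDisposable; the original never released it
                {
                    requestContentBase64String = Convert.ToBase64String(md5.ComputeHash(content));
                }
            }

            var signatureRawData = string.Format("{0}{1}{2}{3}{4}{5}", computerName, request.Method, url,
                                                 requestTimeStamp, nonce, requestContentBase64String);

            var serviceSetting     = new ServiceSetting();
            var serverKeyEntropy   = serviceSetting.GetSetting("server_key_entropy");
            var encryptedServerKey = serviceSetting.GetSetting("server_key");
            var decryptedServerKey = ServiceDP.DecryptData(Convert.FromBase64String(encryptedServerKey.Value), true,
                                                           Convert.FromBase64String(serverKeyEntropy.Value));

            string requestSignatureBase64String;
            try
            {
                using (var hmac = new HMACSHA256(decryptedServerKey))
                {
                    var signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signatureRawData));
                    requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
                }
            }
            finally
            {
                // HMACSHA256 copies the key on construction, so the unwrapped key can be wiped once signing is done.
                Array.Clear(decryptedServerKey, 0, decryptedServerKey.Length);
            }

            request.AddHeader("Authorization",
                              "amx " +
                              string.Format("{0}:{1}:{2}:{3}", computerName, requestSignatureBase64String, nonce, requestTimeStamp));
            return(SubmitRequest <TClass>(request));
        }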
        /// <summary>
        /// Rotates the client's symmetric key: generates a new key, asks the provisioning API to accept it
        /// (alongside the device certificate) and, only when the server reports Provisioned, refreshes the
        /// com-server list and stores the new key ServiceDP-protected under fresh entropy.
        /// </summary>
        /// <returns>
        /// Error when the device certificate is missing or the API returns null; the server's own status when it
        /// is anything other than Provisioned; Provisioned after the local settings have been updated.
        /// </returns>
        private EnumProvisionStatus.Status RenewSymmKey()
        {
            var thumbprint = _serviceSetting.GetSetting("device_thumbprint").Value;
            var deviceCert = ServiceCertificate.GetCertificateFromStore(thumbprint, StoreName.My);
            if (deviceCert == null)
            {
                return EnumProvisionStatus.Status.Error;
            }

            var newKey = GenerateSymmKey();

            // NOTE(review): the replacement key travels base64-encoded inside the request DTO. Whether the
            // transport encrypts the DTO (e.g. under the current key) is not visible here — confirm, otherwise
            // anyone who can read the request learns the new key.
            var renewRequest = new DtoRenewKeyRequest
            {
                Name       = DtoGobalSettings.ClientIdentity.Name,
                Guid       = DtoGobalSettings.ClientIdentity.Guid,
                DeviceCert = Convert.ToBase64String(deviceCert.RawData),
                SymmKey    = Convert.ToBase64String(newKey)
            };

            var renewResult = new APICall().ProvisionApi.RenewSymmKey(renewRequest);
            if (renewResult == null)
            {
                return EnumProvisionStatus.Status.Error;
            }
            if (renewResult.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
            {
                return renewResult.ProvisionStatus;
            }

            UpdateComServers(renewResult.ComServers);

            // Entropy is written first, then the key wrapped under it. There is no transaction, so a failure
            // between the two writes leaves a stored key that no longer matches the stored entropy.
            var entropySetting = _serviceSetting.GetSetting("entropy");
            var entropyBytes   = ServiceDP.CreateRandomEntropy();
            entropySetting.Value = Convert.ToBase64String(entropyBytes);
            _serviceSetting.UpdateSettingValue(entropySetting);

            var wrappedKey = ServiceDP.EncryptData(newKey, true, entropyBytes);
            var keySetting = _serviceSetting.GetSetting("encryption_key");
            keySetting.Value = Convert.ToBase64String(wrappedKey);
            _serviceSetting.UpdateSettingValue(keySetting);

            return EnumProvisionStatus.Status.Provisioned;
        }
        /// <summary>
        /// Second provisioning stage. Requires the intermediate CA certificate recorded by stage 1 (setting
        /// "intermediate_thumbprint", CertificateAuthority store). Generates a symmetric key, sends it wrapped
        /// with the intermediate's public key together with a best-effort hardware inventory, and — when the
        /// server answers PendingConfirmation — installs the returned device certificate and persists the key,
        /// its entropy, the computer identifier and the provision status.
        /// </summary>
        /// <returns>
        /// NotStarted when the intermediate certificate is unavailable; the server's own status for the
        /// Reset / FullReset / Pending* outcomes; Error for a null response or any other status;
        /// PendingConfirmation after the certificate step (see the note on the store-failure path below).
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage2()
        {
            var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");

            if (string.IsNullOrEmpty(intermediateThumbprint.Value))
            {
                //assume stage 1 didn't finish
                return(EnumProvisionStatus.Status.NotStarted);
            }
            var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value,
                                                                          StoreName.CertificateAuthority);

            if (intermediate == null)
            {
                return(EnumProvisionStatus.Status.NotStarted);
            }
            // Fresh symmetric key; it is only persisted locally once the server has accepted it (end of method).
            // NOTE(review): the raw key stays in this byte[] for the whole method and is never zeroed.
            var key = GenerateSymmKey();

            var provisionRequest = new DtoProvisionRequest();

            provisionRequest.Name           = DtoGobalSettings.ClientIdentity.Name;
            provisionRequest.AdGuid         = new ServiceAD().GetADGuid(provisionRequest.Name);
            // The key is wrapped with the intermediate's public key, so only the holder of the matching private
            // key can recover it. NOTE(review): padding/scheme is inside EncryptDataWithIntermediate — confirm OAEP.
            provisionRequest.SymmKey        = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key);
            provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId;

            //include some hardware details
            // Each field below is best-effort: any failure while reading inventory falls back to 0 / empty
            // rather than aborting provisioning (the bare catch blocks are deliberate).
            Logger.Debug("Gathering Hardware Details");
            var inventoryCollection = new DtoInventoryCollection();

            new ComputerSystem().Search(inventoryCollection);
            new Bios().Search(inventoryCollection);
            new Processor().Search(inventoryCollection);
            new Nic().Search(inventoryCollection);
            try
            {
                // TotalPhysicalMemory is reported in bytes; stored as whole MiB.
                var m = Convert.ToInt64(inventoryCollection.ComputerSystem.TotalPhysicalMemory);
                provisionRequest.Memory = Convert.ToInt32(m / 1024 / 1024);
            }
            catch
            {
                provisionRequest.Memory = 0;
            }

            try
            {
                provisionRequest.Processor = inventoryCollection.Processor.Name;
            }
            catch
            {
                provisionRequest.Processor = string.Empty;
            }

            try
            {
                provisionRequest.SerialNumber = inventoryCollection.Bios.SerialNumber;
            }
            catch
            {
                provisionRequest.SerialNumber = string.Empty;
            }

            try
            {
                provisionRequest.Model = inventoryCollection.ComputerSystem.Model;
            }
            catch
            {
                provisionRequest.Model = string.Empty;
            }

            try
            {
                foreach (var nic in inventoryCollection.NetworkAdapters)
                {
                    provisionRequest.Macs.Add(nic.Mac);
                }
            }
            catch
            {
                //do nothing
            }


            // Drops the reference only; the object is still reachable from nothing else at this point.
            inventoryCollection = null;

            var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest);

            if (response == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }
            // Every status other than PendingConfirmation is returned to the caller as-is (or as Error);
            // only PendingConfirmation carries a device certificate to install.
            if (response.ProvisionStatus == EnumProvisionStatus.Status.Reset)
            {
                Logger.Info("Client Reset Approved.  Starting Reset Process.");
                return(EnumProvisionStatus.Status.Reset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.FullReset)
            {
                Logger.Info("Client Full Reset Requested.  Starting Full Reset Process.");
                return(EnumProvisionStatus.Status.FullReset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingReset)
            {
                Logger.Info("Client Is Pending Reset Approval.");
                return(EnumProvisionStatus.Status.PendingReset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingProvisionApproval)
            {
                Logger.Info("Client Is Pending Provisioning Approval");
                return(EnumProvisionStatus.Status.PendingProvisionApproval);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingPreProvision)
            {
                Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It.");
                return(EnumProvisionStatus.Status.PendingPreProvision);
            }
            if (response.ProvisionStatus != EnumProvisionStatus.Status.PendingConfirmation)
            {
                return(EnumProvisionStatus.Status.Error);
            }

            // The server returns the device certificate encrypted under the symmetric key it just received,
            // base64 twice: once around the ciphertext, once around the DER inside it.
            // NOTE(review): a null/malformed response.Certificate throws here (FormatException / crypto exception).
            // NOTE(review): the certificate is installed without checking that it chains to the intermediate
            // CA or matches this client — whether that is covered by an authenticated symmetric cipher or by
            // TLS on the API call is not visible here; confirm.
            var byteCert   = Convert.FromBase64String(response.Certificate);
            var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert);
            var deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert));

            if (ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My))
            {
                var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
                deviceThumbprint.Value = deviceCert.Thumbprint;
                _serviceSetting.UpdateSettingValue(deviceThumbprint);

                // The server-assigned identifier replaces the client GUID both on disk and in memory.
                var computerIdentifier = _serviceSetting.GetSetting("computer_identifier");
                computerIdentifier.Value             = response.ComputerIdentifier;
                DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier;
                _serviceSetting.UpdateSettingValue(computerIdentifier);

                // Entropy is written before the key wrapped under it; no transaction, so a failure between
                // the writes leaves a key that no longer matches the stored entropy.
                var entropy      = _serviceSetting.GetSetting("entropy");
                var entropyBytes = ServiceDP.CreateRandomEntropy();
                entropy.Value = Convert.ToBase64String(entropyBytes);
                _serviceSetting.UpdateSettingValue(entropy);

                var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
                var keySetting   = _serviceSetting.GetSetting("encryption_key");
                keySetting.Value = Convert.ToBase64String(encryptedKey);
                _serviceSetting.UpdateSettingValue(keySetting);

                // Status is stored as the enum's numeric value rendered as text.
                var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
                settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString();
                _serviceSetting.UpdateSettingValue(settingProvisionStatus);
            }
            // NOTE(review): when StoreLocalMachine returns false nothing above is persisted, yet
            // PendingConfirmation is still returned — the caller cannot tell the difference. Consider
            // returning Error in that case; left unchanged here because the caller's handling is not visible.

            return(EnumProvisionStatus.Status.PendingConfirmation);
        }