public SslClient(string ip, int port, UserCertificate certificate = null, int bufferSize = 1024) : base(ip, port)
{
try
{
_bufferSize = bufferSize;
if (certificate != null)
{
_certificate = certificate;
}
else
{
_certificate = new X509Certificate2();
}
_stream = new SslStream(GetStream(), false, ServerCertificateValidation, UserCertificateSelection);
_stream.AuthenticateAsClient(ip);
}
catch (AuthenticationException err)
{
ErrorOnAuthentication();
}
catch (SocketException)
{
ErrorOnAuthentication();
}
catch (Win32Exception)
{
ErrorOnAuthentication();
}
}
/// <param name="ack1SdIsReady">
/// =true for SD in ACK2
/// =false for SD in ACK1 (since the SessionDescription is not initialized yet)
/// </param>
internal byte[] Encrypt(ICryptoLibrary cryptoLibrary, InviteRequestPacket req, InviteAck1Packet ack1, InviteSession session,
bool ack1SdIsReady
)
{
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write(Flags);
UserCertificate.Encode(w, false);
BinaryProcedures.EncodeIPEndPoint(w, DirectChannelEndPoint);
NatBehaviour.Encode(w);
DirectChannelToken32.Encode(w);
w.Write((byte)SessionType);
UserCertificateSignature.Encode(w);
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
var plainTextSdData = ms.ToArray();
var encryptedSdData = new byte[plainTextSdData.Length];
#region key, iv
BinaryProcedures.CreateBinaryWriter(out var ms2, out var w2);
req.GetSharedSignedFields(w2);
ack1.GetSharedSignedFields(w2, ack1SdIsReady);
var iv = cryptoLibrary.GetHashSHA256(ms2.ToArray()).Take(16).ToArray();
ms2.Write(session.SharedInviteAckDhSecret, 0, session.SharedInviteAckDhSecret.Length);
var aesKey = cryptoLibrary.GetHashSHA256(ms2.ToArray()); // here SHA256 is used as KDF, together with common fields from packets, including both ECDH public keys and timestamp
#endregion
cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, plainTextSdData, encryptedSdData);
return(encryptedSdData);
}
/// <summary>
/// 用户认证
/// </summary>
/// <param name="token">sessionId</param>
/// <returns></returns>
public static UserCertificate GetCertificate(string sessionKey)
{
try
{
//如果没有token直接显示未登陆
if (string.IsNullOrEmpty(sessionKey))
{
return(null);
}
UserCertificate cer = null;
string cerJson = CallTheApi(GetCertificateUrl.FormatWith(sessionKey), "", PublicKey, SecretKey, "POST", (a, r) =>
{
cer = (UserCertificate)a.TryParseEntity <UserCertificate>(r, "Passport",
new ExcludePropertiesContractResolver(new List <string> {
"Id"
}));
});
//UserCertificate cer = JsonConvert.DeserializeObject<UserCertificate>(cerJson);
return(cer != null ? cer : null);
}
catch
{
return(null);
}
}
void SendMessage()
{
if (!LocalUser.SendOrEcho)
{
return;
}
// send msg (with autoRetry=true) wait for completion
var userCertificate1 = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(_userApp.DrpPeerEngine.CryptoLibrary, _userApp.UserId,
_userApp.UserRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddHours(1));
var sentText = $"echoTest_#{_sentCount}_from_{LocalUser.Name}_to_{RemoteUser.Name}_{_insecureRandom.Next()}";
var sw = Stopwatch.StartNew();
OnSent();
_userApp.LocalDrpPeer.BeginSendShortSingleMessage(userCertificate1, RemoteUser.RegistrationId, RemoteUser.UserId, sentText, TimeSpan.FromSeconds(60),
(exc) =>
{
if (exc != null)
{
_visionChannel.EmitListOfPeers(_userApp.DrpPeerEngine.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName, AttentionLevel.strongPain,
$"could not send message: {exc}");
if (!ContinueOnFailed())
{
return;
}
SendMessage();
}
else
{
BeginVerifyReceivedEchoedMessage(sentText, sw, Stopwatch.StartNew());
}
});
}
public async Task SendInvite_AtoX_Async()
{
_xUser.ContactBookUsersByRegId.Add(_aLocalDrpPeer.Configuration.LocalPeerRegistrationId, _aUser.UserId);
var aUserCertificate = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(_a.CryptoLibrary, _aUser.UserId, _aUser.UserRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddHours(1));
var message = $"test Dcomms message {new Random().Next()}";
_a.Configuration.VisionChannel.Emit(_a.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName, AttentionLevel.guiActivity,
$"sending message: {message}");
_aLocalDrpPeer.BeginSendShortSingleMessage(aUserCertificate, _xLocalDrpPeer.Configuration.LocalPeerRegistrationId, _xUser.UserId, message, null,
(exc) =>
{
if (exc == null)
{
_visionChannel.Emit(_a.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName, AttentionLevel.guiActivity,
$"message was sent successfully");
}
else
{
_visionChannel.Emit(_a.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName, AttentionLevel.mediumPain,
$"message was not sent successfully");
}
});
}
public void BeginSendShortSingleMessage(UserCertificate requesterUserCertificate, RegistrationId responderRegistrationId, UserId responderUserId,
string messageText, TimeSpan?retryOnFailureUntilThisTimeout, Action <Exception> cb)
{
requesterUserCertificate.AssertHasPrivateKey();
Engine.EngineThreadQueue.Enqueue(async() =>
{
var sw1 = Stopwatch.StartNew();
_retry:
Logger logger = null;
try
{
var sw2 = Stopwatch.StartNew();
var session = await SendInviteAsync(requesterUserCertificate, responderRegistrationId, responderUserId, SessionType.asyncShortSingleMessage, null, (logger2) =>
{
logger = logger2;
if (Engine.Configuration.SandboxModeOnly_EnableInsecureLogs)
{
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"creating an invite session to send a message '{messageText}'");
}
}
});
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"invite session is ready to set up direct channel and send a message");
}
try
{
if (logger.WriteToLog_detail_enabled)
{
logger.WriteToLog_detail($"remote peer accepted invite session in {(int)sw2.Elapsed.TotalMilliseconds}ms: {session.RemoteSessionDescription}");
}
await session.SetupAEkeysAsync();
await session.SendShortSingleMessageAsync(messageText, requesterUserCertificate);
}
finally
{
session.Dispose();
}
cb?.Invoke(null);
}
catch (Exception exc)
{
var tryAgain = retryOnFailureUntilThisTimeout.HasValue && sw1.Elapsed < retryOnFailureUntilThisTimeout.Value;
logger?.WriteToLog_mediumPain($"sending INVITE failed (tryAgain={tryAgain}): {exc}");
logger?.WriteToLog_mediumPain_EmitListOfPeers($"sending INVITE failed (tryAgain={tryAgain}): {exc}");
if (tryAgain)
{
logger?.WriteToLog_higherLevelDetail($"trying again to send message: sw1={sw1.Elapsed.TotalSeconds}s < retryOnFailureUntilThisTimeout={retryOnFailureUntilThisTimeout.Value.TotalSeconds}s");
goto _retry;
}
cb?.Invoke(exc);
}
}, "BeginSendShortSingleMessage6342");
}
public List <User> GetUsers(bool local)
{
var query = _db_main.Table <User>();
if (local)
{
query = query.Where(x => x.OwnerLocalUserId == 0);
}
else
{
query = query.Where(x => x.OwnerLocalUserId != 0);
}
var users = query.ToList();
foreach (var u in users)
{
try
{
u.UserID = UserId.Decode(DecryptAndVerify(u.UserID_encrypted, u.UserID_hmac, u.Id, EncryptedFieldIds.User_UserID));
u.AliasID = BinaryProcedures.DecodeString2UTF8(DecryptAndVerify(u.AliasID_encrypted, u.AliasID_hmac, u.Id, EncryptedFieldIds.User_AliasID));
u.LocalUserCertificate = UserCertificate.Decode(DecryptAndVerify(u.LocalUserCertificate_encrypted, u.LocalUserCertificate_hmac, u.Id, EncryptedFieldIds.User_LocalUserCertificate));
u.Metadata = UserMetadata.Decode(DecryptAndVerify(u.Metadata_encrypted, u.Metadata_hmac, u.Id, EncryptedFieldIds.User_Metadata));
WriteToLog_deepDetail($"decrypted user '{u.AliasID}'");
}
catch (Exception exc)
{
HandleException($"can not decrypt/verify user ID={u.UserID}: ", exc);
}
}
return(users);
// var user = db.Get<UserId>(5); // primary key id of 5
}
/// <returns>remote IKE1 data</returns>
internal async Task <Ike1Data> Ike1Async_AtInviteResponder(UserCertificate localUserCertificateWithPrivateKeys, Ike1Data localIke1Data, UserCertificate remoteUserCertificate)
{
var remoteIke1Data = await ReceiveIke1DataAsync(remoteUserCertificate);
await SendIke1DataAsync(localUserCertificateWithPrivateKeys, localIke1Data);
return(remoteIke1Data);
}
protected override void RemoveCertificate(UserCertificate item)
{
var removed =
this.CertificatesCollection.SingleOrDefault(
x => x.Thumbprint == item.Thumbprint && x.Subject == item.Subject);
this.CertificatesCollection.Remove(removed);
}
public async Task WhenPackageSupportsButDoesNotRequireSigning_AcceptsUnsignedPackages()
{
// Arrange
var user1 = new User()
{
Key = 1
};
var user2 = new User()
{
Key = 2
};
var packageRegistration = new PackageRegistration()
{
Key = 3,
Id = TestResources.UnsignedPackageId
};
var certificate = new Certificate()
{
Key = 4,
Thumbprint = TestResources.Leaf1Thumbprint
};
var userCertificate = new UserCertificate()
{
Key = 5,
CertificateKey = certificate.Key,
Certificate = certificate,
UserKey = user1.Key,
User = user1
};
user1.UserCertificates.Add(userCertificate);
certificate.UserCertificates.Add(userCertificate);
packageRegistration.Owners.Add(user1);
packageRegistration.Owners.Add(user2);
_packageStream = TestResources.GetResourceStream(TestResources.UnsignedPackage);
_corePackageService
.Setup(x => x.FindPackageRegistrationById(It.Is <string>(id => id == _message.PackageId)))
.Returns(packageRegistration);
_message = new SignatureValidationMessage(
TestResources.UnsignedPackageId,
TestResources.UnsignedPackageVersion,
new Uri($"https://unit.test/{TestResources.UnsignedPackage.ToLowerInvariant()}"),
Guid.NewGuid());
// Act
var result = await _target.ValidateAsync(
_packageKey,
_packageStream,
_message,
_cancellationToken);
// Assert
Validate(result, ValidationStatus.Succeeded, PackageSigningStatus.Unsigned);
Assert.Empty(result.Issues);
}
public void SaveUserContext(string userId, string username)
{
var db = DbConHelper.NewDbCon();
var model = new UserCertificate();
model.UserId = userId;
model.UserName = username;
db.Insert(model);
}
void BeginTestMessage3(MessagesTest test, DrpTesterPeerApp peer1, DrpTesterPeerApp peer2, Stopwatch sw, string text)
{
var userCertificate1 = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(peer1.DrpPeerEngine.CryptoLibrary, peer1.UserId, peer1.UserRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddHours(1));
peer1.LocalDrpPeer.BeginSendShortSingleMessage(userCertificate1, peer2.LocalDrpPeer.Configuration.LocalPeerRegistrationId, peer2.UserId, text, TimeSpan.FromSeconds(60), (exc) =>
{
BeginVerifyReceivedMessage(test, peer1, peer2, text, sw, Stopwatch.StartNew());
});
}
protected override void AddCertificate(UserCertificate item)
{
var userCertificate = new NhUserCertificate();
userCertificate.GetType().GetProperty("Thumbprint").SetValue(userCertificate, item.Thumbprint);
userCertificate.GetType().GetProperty("Subject").SetValue(userCertificate, item.Subject);
userCertificate.GetType().GetProperty("Account").SetValue(userCertificate, this);
this.CertificatesCollection.Add(userCertificate);
}
public async Task <ActionResult> StarteSealTspFlow([FromQuery(Name = "env_slt")] string envSlt)
{
// First step is to get a token with the retrieve friom the query param
SignatureOAuthUserToken signatureOAuthUserToken;
try
{
signatureOAuthUserToken = await DocuSignService.GetBearerTokenFromEnvSltAsync(_httpClientFactory, _dsConfig, envSlt);
}
catch (Exception e)
{
// If you ending up in this case, make sure you clientId/clientSecret are good
// Also make sure you are hitting the right environement
return(BadRequest(e));
}
// Initialize DocuSign ApiClient
var apiClient = new eSign.Client.ApiClient(signatureOAuthUserToken.user_api + "/restapi");
apiClient.Configuration.AddDefaultHeader("Authorization", "Bearer " + signatureOAuthUserToken.access_token);
DocuSign.eSign.Api.SignatureApi signatureApi = new eSign.Api.SignatureApi(apiClient);
// UserInfo
var userInfoResult = signatureApi.UserInfo();
UserCertificate userCertificate = new UserCertificate(userInfoResult.User.DisplayName, userInfoResult.User.Email, userInfoResult.Language.ToUpper(), "DocuSign");
var SignHashSessionInfoResult = signatureApi.SignHashSessionInfo(new eSign.Model.SignSessionInfoRequest(Convert.ToBase64String(userCertificate.CertContainer.Certificate.GetEncoded())));
if (SignHashSessionInfoResult.Documents[0] == null || SignHashSessionInfoResult.Documents[0].RemainingSignatures == 0L)
{
return(Ok("Nothing to sign"));
}
byte[] hashBytes = System.Convert.FromBase64String(SignHashSessionInfoResult.Documents[0].Data);
byte[] signedCmsData = SignatureProvider.SignatureProvider.Sign(hashBytes, userCertificate);
eSign.Model.DocumentUpdateInfo docInfo = new eSign.Model.DocumentUpdateInfo()
{
DocumentId = SignHashSessionInfoResult.Documents[0].DocumentId,
Data = Convert.ToBase64String(signedCmsData),
ReturnFormat = "CMS"
};
var CompleteSignHashResult = signatureApi.CompleteSignHash(new eSign.Model.CompleteSignRequest()
{
DocumentUpdateInfos = new List <eSign.Model.DocumentUpdateInfo> {
docInfo
}
});
ViewBag.CompleteResult = CompleteSignHashResult;
return(Redirect(CompleteSignHashResult.RedirectionUrl));
}
private void AddCertificate(UserCertificate cert)
{
if (InvokeRequired)
{
this.Invoke(new Action <UserCertificate>(AddCertificate), new object[] { cert });
return;
}
listCert.Add(cert);
listBox1.Items.Add("ID: " + cert.Id + " Public Key: " + cert.publicKey.n + cert.publicKey.e);
}
public async Task <IActionResult> Delete([FromRoute] long id)
{
var userCertificate = new UserCertificate()
{
Id = id
};
_context.Remove(userCertificate);
await _context.SaveChangesAsync();
return(Ok());
}
private Package ProcessMessage(Package pck)
{
//Console.WriteLine("#Certifiate Client: ");
//pck.Print();
Package response = new Package();
switch (pck.GetHeader("Command"))
{
case "Register":
BigInteger n = BigInteger.Parse(pck.GetHeader("Public Key n"));
BigInteger e = BigInteger.Parse(pck.GetHeader("Public Key e"));
UserCertificate newCertf = new UserCertificate(lastId++);
newCertf.publicKey = new RSAKey(n, e);
newCertf.timestamp = GetTimestamp(new DateTime());
AddCertificate(newCertf);
response.SetHeader("Public Key n", rsa.Key.n.ToString());
response.SetHeader("Public Key e", rsa.Key.e.ToString());
response.SetContent(newCertf.ToString());
break;
case "Verify":
int index = -1;
for (int i = 0; i < listCert.Count; i++)
{
if (listCert[i].ToString().Equals(pck.GetHeader("Certificate")))
{
index = 1;
}
}
if (index != -1)
{
response.SetContent("TRUE");
}
else
{
response.SetContent("FALSE");
}
break;
}
if (response.GetContent() != "")
{
string enc = rsa.encrypt(response.GetContent(), rsa.Key.d, rsa.Key.n);
// string dec = rsa.decrypt(enc, rsa.Key.e, rsa.Key.n);
// Console.WriteLine(enc + " => " +dec);
response.SetContent(enc);
}
return(response);
}
public async Task <IActionResult> RegisterCertificateCallback([FromBody] SmartCardAuthorizationResponse smartCardAuthorizationResponse)
{
var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
if (string.IsNullOrEmpty(sub))
{
return(Json(new { success = false }));
}
var user = await _users.FindByIdAsync(sub);
if (smartCardAuthorizationResponse == null || string.IsNullOrEmpty(smartCardAuthorizationResponse.Certificate) || string.IsNullOrEmpty(smartCardAuthorizationResponse.Token))
{
return(Json(new { success = false }));
}
var certificate = CertificateUtilities.GetAndValidateCertificate(smartCardAuthorizationResponse.Certificate);
if (certificate == null)
{
return(Json(new { success = false }));
}
if (_authContext.UserCertificates.FirstOrDefault(x => x.Thumbprint == certificate.Thumbprint) != null)
{
return(Json(new { success = false }));
}
var payload = HttpContext.Session.GetString("certificateRegister.challenge");
var verifyResult = JwtUtils.ValidateJWT(
certificate,
smartCardAuthorizationResponse.Token,
smartCardAuthorizationResponse.Algorithm,
payload);
if (verifyResult)
{
var dbuser = _authContext.Users.First(u => u.Id == user.Id);
var userCert = new UserCertificate()
{
Certificate = Convert.ToBase64String(certificate.RawData),
Thumbprint = certificate.Thumbprint,
User = dbuser,
RegistrationDate = DateTime.Now,
Subject = certificate.Subject
};
_authContext.UserCertificates.Add(userCert);
_authContext.SaveChanges();
return(Json(new { success = true }));
}
return(Json(new { success = false }));
}
public int Insert(UserCertificate uc)
{
try
{
db.UserCertificates.Add(uc);
db.SaveChanges();
return(uc.ID);
}
catch
{
return(-1);
}
}
private async void connectButton_Click(object sender, EventArgs e)
{
Cursor = Cursors.WaitCursor;
DisableAll();
var statusLabel = new ToolStripStatusLabel("Connecting");
statusBar.Items.Add(statusLabel);
if (_connected)
{
DisconnectUser();
}
try
{
_certificate = identitiesListBox.SelectedItem as UserCertificate;
if (await ServerTransaction.Connect(_certificate))
{
await ConnectUser();
var login = _certificate.CommonName;
loginLabel.Text = login;
var message = string.Format("Successfull logged as {0}", login);
MessageBox.Show(message, "Successful", MessageBoxButtons.OK, MessageBoxIcon.Information);
_currentUser = _certificate;
}
else
{
MessageBox.Show("Failed to authenticate", "Login failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
}
catch (AuthenticationError)
{
MessageBox.Show("Failed to authenticate", "Login failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch (CloudException cloud)
{
MessageBox.Show(cloud.Message, "Cloud problem", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch (Exception)
{
MessageBox.Show("Unexcepted error occured. Click OK to contiune", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
EnableIdentity();
if (_connected)
{
EnableGroups();
}
statusBar.Items.Remove(statusLabel);
Cursor = Cursors.Arrow;
}
public async Task OnGetAsync(string authorizationCode)
{
// First step is to get a token with the retrieve friom the query param
try
{
SignatureOAuthUserToken = await DocuSignService.GetBearerTokenFromCodeAsync(_httpClientFactory, _dsConfig, authorizationCode);
}
catch (Exception e)
{
// If you ending up in this case, make sure you clientId/clientSecret are good
// Also make sure you are hitting the right environement
ViewData["Error"] = e;
}
// Initialize DocuSign ApiClient
var apiClient = new eSign.Client.ApiClient(SignatureOAuthUserToken.user_api + "/restapi");
apiClient.Configuration.AddDefaultHeader("Authorization", "Bearer " + SignatureOAuthUserToken.access_token);
DocuSign.eSign.Api.SignatureApi signatureApi = new eSign.Api.SignatureApi(apiClient);
// Get UserInfo
var userInfoResponse = signatureApi.UserInfo();
ViewData["UserInfo"] = JsonConvert.SerializeObject(userInfoResponse);
UserCertificate userCertificate = new UserCertificate(UserInfoResponse.User.DisplayName, UserInfoResponse.User.Email, UserInfoResponse.Language.ToUpper(), "DocuSign");
//var SignHashSessionInfoResult = signatureApi.SignHashSessionInfo(new eSign.Model.SignSessionInfoRequest(Convert.ToBase64String(userCertificate.CertContainer.Certificate.GetEncoded())));
//if (SignHashSessionInfoResult.Documents[0] == null || SignHashSessionInfoResult.Documents[0].RemainingSignatures == "0")
//{
// return Ok("Nothing to sign");
//}
//byte[] hashBytes = System.Convert.FromBase64String(SignHashSessionInfoResult.Documents[0].Data);
//byte[] signedCmsData = SignatureProvider.SignatureProvider.Sign(hashBytes, userCertificate);
//eSign.Model.DocumentUpdateInfo docInfo = new eSign.Model.DocumentUpdateInfo()
//{
// DocumentId = SignHashSessionInfoResult.Documents[0].DocumentId,
// Data = Convert.ToBase64String(signedCmsData),
// ReturnFormat = "CMS"
//};
//var CompleteSignHashResult = signatureApi.CompleteSignHash(new eSign.Model.CompleteSignRequest() { DocumentUpdateInfos = new List<eSign.Model.DocumentUpdateInfo> { docInfo } });
//ViewBag.CompleteResult = CompleteSignHashResult;
//return Redirect(CompleteSignHashResult.RedirectionUrl);
}
public void AddLocalUser(string aliasId)
{
try
{
UserRootPrivateKeys.CreateUserId(1, 1, TimeSpan.FromDays(365 * 3 + 10), _drpPeerEngine.CryptoLibrary, out var userRootPrivateKeys, out var userId);
var userCertificateWithPrivateKey = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(_drpPeerEngine.CryptoLibrary, userId, userRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddYears(3));
userCertificateWithPrivateKey.AssertHasPrivateKey();
userCertificateWithPrivateKey.AssertIsValidNow(_drpPeerEngine.CryptoLibrary, userId, _drpPeerEngine.DateTimeNowUtc);
var u = new User
{
AliasID = aliasId,
UserID = userId,
OwnerLocalUserId = 0,
LocalUserCertificate = userCertificateWithPrivateKey,
};
_db.InsertUser(u);
var ruk = new RootUserKeys
{
UserId = u.Id,
UserRootPrivateKeys = userRootPrivateKeys
};
_db.InsertRootUserKeys(ruk);
RegistrationId.CreateNew(_drpPeerEngine.CryptoLibrary, out var regPrivateKey, out var registrationId);
var regId = new UserRegistrationID
{
UserId = u.Id,
RegistrationId = registrationId,
RegistrationPrivateKey = regPrivateKey
};
_db.InsertUserRegistrationID(regId);
var newLocalUser = new LocalUser
{
User = u,
RootUserKeys = ruk,
UserRegistrationIDs = new List <UserRegistrationID> {
regId
}
};
LocalUsers.Add(u.Id, newLocalUser);
newLocalUser.CreateLocalDrpPeers(this);
}
catch (Exception exc)
{
HandleException("error when adding new local user: ", exc);
}
}
private async void getCertificatesButton_Click(object sender, EventArgs e)
{
Cursor = Cursors.WaitCursor;
DisableAll();
var statusLabel = new ToolStripStatusLabel("Downloadig certificates");
statusBar.Items.Add(statusLabel);
var selectedUsers = usersListBox.SelectedItems;
if (selectedUsers.Count > 0)
{
try
{
var certificates = new List <string>();
foreach (User user in selectedUsers)
{
var tempCertificate = Path.GetTempFileName();
statusLabel.Text = string.Format("Downloading certificate ({0})", user.CommonName);
await _cloud.DownloadCertificateAsync(tempCertificate, user);
certificates.Add(tempCertificate);
}
var certificatesStore = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser);
certificatesStore.Open(OpenFlags.ReadWrite);
foreach (var certificate in certificates)
{
var cert = new UserCertificate(certificate);
statusLabel.Text = string.Format("Adding certificate to user store ({0})", cert.CommonName);
certificatesStore.Add(cert);
File.Delete(certificate);
}
certificatesStore.Close();
}
catch (CloudException cloud)
{
MessageBox.Show(cloud.Message, "Cloud problem", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
catch (Exception)
{
MessageBox.Show("Unexcepted error occured. Click OK to contiune", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
}
else
{
MessageBox.Show("Select users first", "Select users", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
EnableAll();
statusBar.Items.Remove(statusLabel);
Cursor = Cursors.Arrow;
}
private void ActivateCertificate(User user)
{
var userCertificate = new UserCertificate()
{
Key = _certificate.UserCertificates.Count() + 1,
UserKey = user.Key,
User = user,
CertificateKey = _certificate.Key,
Certificate = _certificate
};
_certificate.UserCertificates.Add(userCertificate);
user.UserCertificates.Add(userCertificate);
}
/// <returns>remote IKE1 data: user ID, reg IDs</returns>
internal async Task <Ike1Data> Ike1Async_AtInviteRequester(UserCertificate localUserCertificateWithPrivateKeys, Ike1Data localIke1Data, UserCertificate remoteUserCertificate)
{
if (!DerivedDirectChannelSharedDhSecretsAE)
{
throw new InvalidOperationException("DerivedDirectChannelSharedDhSecretsAE = false");
}
if (Logger.WriteToLog_detail_enabled)
{
Logger.WriteToLog_detail(">> InviteSession.Ike1Async_AtInviteRequester()");
}
await SendIke1DataAsync(localUserCertificateWithPrivateKeys, localIke1Data);
return(await ReceiveIke1DataAsync(remoteUserCertificate));
}
public UserCertificate GetUserCertificate(string uid, string cid)
{
UserCertificate cert = _context.UserCertificates.FirstOrDefault(cert => cert.CertId == cid && cert.UserId == uid);
if (cert == null)
{
return(cert);
}
X509Certificate2 xCert = new X509Certificate2(cert.RawCertBody);
Log.Information("Verifying obtained cert...");
_verify_certificate(xCert);
return(cert);
}
public DrpTesterPeerApp(DrpPeerEngine drpPeerEngine, LocalDrpPeerConfiguration drpPeerRegistrationConfiguration, UserRootPrivateKeys userRootPrivateKeys = null, UserId userId = null)
{
DrpPeerRegistrationConfiguration = drpPeerRegistrationConfiguration;
DrpPeerEngine = drpPeerEngine;
if (userRootPrivateKeys == null || userId == null)
{
UserRootPrivateKeys.CreateUserId(3, 2, TimeSpan.FromDays(367), DrpPeerEngine.CryptoLibrary, out UserRootPrivateKeys, out UserId);
}
else
{
UserId = userId;
UserRootPrivateKeys = userRootPrivateKeys;
}
UserCertificateWithPrivateKey = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(DrpPeerEngine.CryptoLibrary, UserId, UserRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddYears(1));
}
public async static Task <bool> Connect(UserCertificate certificate)
{
try
{
using (SslClient stream = new SslClient(_configuration.IP, _configuration.Port, certificate))
{
await stream.SendStringAsync("connect");
await Authenticate(stream, new User(certificate));
}
}
catch (AuthenticationError error)
{
return(false);
}
return(true);
}
void BeginTestInvites(InvitesTest test, Action cb = null)
{
var peer1 = test.Peers[_inviteTestsCounter++ % test.Peers.Count];
_retry:
var peer2 = test.Peers[_rnd.Next(test.Peers.Count)];
if (peer1 == peer2)
{
goto _retry;
}
EmitAllPeers(AttentionLevel.guiActivity, $"testing message from {peer1} to {peer2} ({test.counter}/{test.MaxCount}) {DateTime.Now}");
var userCertificate1 = UserCertificate.GenerateKeyPairsAndSignAtSingleDevice(peer1.DrpPeerEngine.CryptoLibrary, peer1.UserId, peer1.UserRootPrivateKeys, DateTime.UtcNow.AddHours(-1), DateTime.UtcNow.AddHours(1));
var text = $"test{_rnd.Next()}-{_rnd.Next()}_from_{peer1}_to_{peer2}";
peer1.LocalDrpPeer.BeginSendShortSingleMessage(userCertificate1, peer2.LocalDrpPeer.Configuration.LocalPeerRegistrationId, peer2.UserId, text, null, (exc) =>
{
test.counter++;
if (peer2.LatestReceivedTextMessage == text)
{
test.successfulCount++;
_visionChannel.Emit(peer1.DrpPeerEngine.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName,
AttentionLevel.guiActivity, $"successfully tested message from {peer1} to {peer2}. success rate = {(double)test.successfulCount * 100 / test.counter}% ({test.successfulCount}/{test.counter})");
}
else
{
EmitAllPeers(AttentionLevel.mediumPain, $"test message failed from {peer1} to {peer2}: received '{peer2.LatestReceivedTextMessage}', expected '{text}");
}
if (test.counter < test.MaxCount)
{
BeginTestInvites(test, cb);
}
else
{
var successRatePercents = (double)test.successfulCount * 100 / test.counter;
var level = successRatePercents == 100 ? AttentionLevel.guiActivity : (successRatePercents > 99 ? AttentionLevel.lightPain : AttentionLevel.mediumPain);
_visionChannel.Emit(peer1.DrpPeerEngine.Configuration.VisionChannelSourceId, DrpTesterVisionChannelModuleName,
level, $"messages test is complete: success rate = {successRatePercents}%");
cb?.Invoke();
}
});
}
public void RevokeUserCertificate(string uid, string cid)
{
//get root cert
X509Certificate rootCert = DotNetUtilities.FromX509Certificate(getRootCert());
//get user cert to be revoked
UserCertificate userCert = GetUserCertificate(uid, cid);
X509Certificate certToRevoke = new X509CertificateParser().ReadCertificate(userCert.RawCertBody);
//parse the last CRL
X509CrlParser crlParser = new X509CrlParser();
FileStream fileStream = File.Open(_configuration["CrlPath"], FileMode.Open);
X509Crl rootCrl = crlParser.ReadCrl(fileStream);
fileStream.Close();
//extract the CRL number
Asn1OctetString prevCrlNum = rootCrl.GetExtensionValue(X509Extensions.CrlNumber);
Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(prevCrlNum);
BigInteger prevCrlNumVal = DerInteger.GetInstance(obj).PositiveValue;
//generate new CRL
X509V2CrlGenerator crlGenerator = new X509V2CrlGenerator();
crlGenerator.SetIssuerDN(rootCert.SubjectDN);
crlGenerator.SetThisUpdate(DateTime.UtcNow);
crlGenerator.SetNextUpdate(DateTime.UtcNow.AddDays(10));
crlGenerator.AddCrl(rootCrl); //add the old CRL entries
//add the newly revoked certificates
crlGenerator.AddCrlEntry(certToRevoke.SerialNumber, DateTime.UtcNow, CrlReason.PrivilegeWithdrawn);
//increment CRL Number by 1
crlGenerator.AddExtension("2.5.29.20", false, new CrlNumber(prevCrlNumVal.Add(BigInteger.One)));
AsymmetricKeyParameter bouncyCastlePrivateKey = PrivateKeyFactory.CreateKey(getRootPrivateKey().ExportPkcs8PrivateKey());
var sigFactory = new Asn1SignatureFactory("SHA256WITHECDSA", bouncyCastlePrivateKey);
X509Crl nextCrl = crlGenerator.Generate(sigFactory);
// writePem(_configuration["CrlOldPath"], rootCrl); // write old CRL as backup
writePem(_configuration["CrlPath"], nextCrl); //write new CRL
// sanity check
nextCrl.Verify(rootCert.GetPublicKey());
userCert.Revoked = true;
_context.UserCertificates.Update(userCert);
}
protected internal override void RemoveCertificate(UserCertificate item)
{
UserCertificateCollection.Remove(item);
}
protected internal override void AddCertificate(UserCertificate item)
{
UserCertificateCollection.Add(item);
}
protected override void AddCertificate(UserCertificate item)
{
var userCertificate = new NhUserCertificate();
userCertificate.GetType().GetProperty("Thumbprint").SetValue(userCertificate, item.Thumbprint);
userCertificate.GetType().GetProperty("Subject").SetValue(userCertificate, item.Subject);
userCertificate.GetType().GetProperty("Account").SetValue(userCertificate, this);
this.CertificatesCollection.Add(userCertificate);
}
protected override void RemoveCertificate(UserCertificate item)
{
var removed =
this.CertificatesCollection.SingleOrDefault(
x => x.Thumbprint == item.Thumbprint && x.Subject == item.Subject);
this.CertificatesCollection.Remove(removed);
}
protected internal override void AddCertificate(UserCertificate item)
{
UserCertificateCollection.Add(new RelationalUserCertificate { UserAccountID = this.ID, Thumbprint = item.Thumbprint, Subject = item.Subject });
}
