public async Task <string> CreateRefreshTokenAsync(AuthenticationTicket ticket, string protectedTicket)
{
if (ticket == null)
{
throw new ArgumentNullException("ticket");
}
if (string.IsNullOrWhiteSpace(protectedTicket))
{
throw new ArgumentNullException("protectedTicket");
}
var refreshTokenId = Guid.NewGuid().ToString("n");
var refreshToken = CryptoAes.GetHash(refreshTokenId);
var clientId = ticket.Properties.Dictionary["as:client_id"];
var token = new RefreshToken
{
Id = refreshToken,
ClientId = clientId,
Subject = ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = ticket.Properties.ExpiresUtc.GetValueOrDefault().DateTime,
ProtectedTicket = protectedTicket
};
var result = await userManager.AddRefreshTokenAsync(token);
return((result) ? refreshToken : null);
}
private static List <Client> BuildClientsList()
{
var clientsList = new List <Client>
{
new Client
{
Id = "RestaurantDemoApp",
Secret = CryptoAes.GetHash("*****@*****.**"),
Name = "Chinese Restaurant",
ApplicationType = ApplicationTypes.JavaScript,
Active = true,
RefreshTokenLifeTime = 7200,
AllowedOrigin = "http://www.swaksoft.com"
},
new Client
{
Id = "RestaurantDemoTestApp",
Secret = CryptoAes.GetHash("*****@*****.**"),
Name = "Chinese Restaurant Test",
ApplicationType = ApplicationTypes.JavaScript,
Active = true,
RefreshTokenLifeTime = 7200,
AllowedOrigin = "http://localhost:20178"
}
};
return(clientsList);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
//context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
var client = _identityRepository.FindClient(context.ClientId);
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
if (client.Secret != CryptoAes.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
context.OwinContext.Set("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
private static void CreateConfig()
{
Console.WriteLine(" - Creating default conficuration file");
StringBuilder sb = new StringBuilder();
if (DB_KEY is null || DB_KEY.Length > 0)
{
Console.WriteLine(" - Generate DB_KEY");
DB_KEY = CryptoAes.GenerateHexString(40);
DB_KEY_A = CryptoAes.KeyToBytes(DB_KEY, 32); //256-bits
DB_KEY_B = CryptoAes.KeyToBytes(DB_KEY, 16); //128-bits
}
if (PRESHARED_KEY is null || PRESHARED_KEY.Length > 0)
{
Console.WriteLine(" - Generate PRESHARED_KEY");
PRESHARED_KEY = CryptoAes.GenerateHexString(40);
PRESHARED_KEY_A = CryptoAes.KeyToBytes(PRESHARED_KEY, 32); //256-bits
PRESHARED_KEY_B = CryptoAes.KeyToBytes(PRESHARED_KEY, 16); //128-bits
}
sb.AppendLine($"# version {Assembly.GetExecutingAssembly().GetName().Version.Major}.{Assembly.GetExecutingAssembly().GetName().Version.Minor}");
sb.AppendLine();
sb.AppendLine($"db_key = {DB_KEY}");
sb.AppendLine($"preshared_key = {PRESHARED_KEY}");
sb.AppendLine();
sb.AppendLine($"force_registry_keys = {force_registry_keys.ToString().ToLower()}");
sb.AppendLine();
sb.AppendLine("# you can use multiple entries");
sb.AppendLine("ip_access = *");
sb.AppendLine();
sb.AppendLine("http_enable = true");
sb.AppendLine("http_prefix = https://+:443/");
sb.AppendLine("http_prefix = http://127.0.0.1:80/");
sb.AppendLine();
sb.AppendLine("addressbook_enable = false");
sb.AppendLine("addressbook_prefix = http://*:911/");
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("###");
sb.AppendLine("### Use NETSH to bind an SSL certificate with your https endpoint:");
sb.AppendLine($"### netsh http add sslcert ipport=0.0.0.0:443 certhash=[thumbprint] appid={{{GetAppid()}}}");
sb.AppendLine("###");
File.WriteAllText(Strings.FILE_CONFIG, sb.ToString());
}
public OAuthToken(string accessToken, string accessTokenSecret)
{
if (string.IsNullOrWhiteSpace(accessToken))
{
throw new ArgumentNullException("accessToken");
}
var crypto = new CryptoAes();
AccessToken = crypto.EncryptToString(accessToken);
if (!string.IsNullOrWhiteSpace(accessTokenSecret))
{
AccessTokenSecret = crypto.EncryptToString(accessTokenSecret);
}
}
public void SaveSettings()
{
Settings.Default.ip_index = cmbListennerIp.SelectedIndex;
Settings.Default.port = (int)txtListennerPort.Value;
Settings.Default.key = txtKey.Text;
key = txtKey.Text;
bKey = key.Length > 0 ? CryptoAes.KeyToBytes(key, 32) : null; //256-bits
bIv = CryptoAes.KeyToBytes(key, 16); //128-bits
Settings.Default.stamp_enable = srv_stamp.chkEnable.Checked;
Settings.Default.uvnc_enable = srv_uvnc.chkEnable.Checked;
Settings.Default.uvnc_exe = srv_uvnc.txtExe.Text;
Settings.Default.uvnc_para = srv_uvnc.txtParam.Text;
Settings.Default.uvnc_pass = CryptoAes.EncryptB64($"3{srv_uvnc.txtPassword.Text}", bKey, bIv); //add salt
Settings.Default.mstsc_enable = srv_rdp.chkEnable.Checked;
Settings.Default.mstsc_exe = srv_rdp.txtExe.Text;
Settings.Default.mstsc_para = srv_rdp.txtParam.Text;
Settings.Default.rdp_native_client = chkOverrideWinRdpClient.Checked;
Settings.Default.rdp_user = srv_rdp.txtUsername.Text;
Settings.Default.rdp_pass = CryptoAes.EncryptB64($"9{srv_rdp.txtPassword.Text}", bKey, bIv); //add salt
Settings.Default.pse_enable = srv_pse.chkEnable.Checked;
Settings.Default.pse_exe = srv_pse.txtExe.Text;
Settings.Default.pse_para = srv_pse.txtParam.Text;
Settings.Default.pse_user = srv_pse.txtUsername.Text;
Settings.Default.pse_pass = CryptoAes.EncryptB64($"6{srv_pse.txtPassword.Text}", bKey, bIv); //add salt
Settings.Default.winbox_enable = srv_winbox.chkEnable.Checked;
Settings.Default.winbox_exe = srv_winbox.txtExe.Text;
Settings.Default.winbox_para = srv_winbox.txtParam.Text;
Settings.Default.winbox_user = srv_winbox.txtUsername.Text;
Settings.Default.winbox_pass = CryptoAes.EncryptB64($"8{srv_winbox.txtPassword.Text}", bKey, bIv); //add salt
Settings.Default.Save();
}
private void Connect()
{
string key = Settings.Default.key;
byte[] bKey = key.Length > 0 ? CryptoAes.KeyToBytes(key, 32) : null; //256-bits
byte[] bIv = CryptoAes.KeyToBytes(key, 16);
string username = Settings.Default.rdp_user;
string password = CryptoAes.DecryptB64(Settings.Default.rdp_pass, bKey, bIv).Substring(1);
mstsc.Server = target;
mstsc.UserName = username;
IMsTscNonScriptable sec = (IMsTscNonScriptable)mstsc.GetOcx();
sec.ClearTextPassword = password;
mstsc.DesktopWidth = this.ClientSize.Width;
mstsc.DesktopHeight = this.ClientSize.Height;
try {
mstsc.Connect();
} catch { }
}
public static DbEntry Read(FileInfo f, bool isUser)
{
DbEntry entry = new DbEntry()
{
filename = f.Name,
hash = new Hashtable(),
isUser = isUser,
write_lock = new object()
};
try {
if (f.Length < 2)
{
throw new Exception("null file: " + f.FullName);
}
byte[] bytes = File.ReadAllBytes(f.FullName);
string plain = Encoding.UTF8.GetString(CryptoAes.Decrypt(bytes, Program.DB_KEY_A, Program.DB_KEY_B));
string[] split = plain.Split((char)127);
entry.hash.Add(".FILENAME", new string[] { f.Name, "", "" });
for (int i = 0; i < split.Length - 3; i += 4)
{
if (!entry.hash.ContainsKey(split[i]))
{
entry.hash.Add(split[i], new string[] { split[i + 1], split[i + 2], split[i + 3] });
}
}
} catch (IOException ex) {
entry.hash = null;
Logging.Err(ex);
} catch (Exception ex) {
entry.hash = null;
Logging.Err(ex);
}
return(entry);
}
static void Serve(TcpClient client)
{
byte[] buffer = new byte[client.ReceiveBufferSize];
int length;
try {
length = client.Client.Receive(buffer);
Array.Resize(ref buffer, length);
} catch {
client.Close();
return;
}
byte[] decrypt = CryptoAes.Decrypt(buffer, Main.bKey, Main.bIv);
if (decrypt is null)
{
client.Close();
return;
}
Action(System.Text.Encoding.UTF8.GetString(decrypt));
client.Close();
}
private static bool LoadConfig()
{
if (!File.Exists(Strings.FILE_CONFIG))
{
return(false);
}
List <string> httpPrefixes = new List <string>();
List <string> abPrefixes = new List <string>();
StreamReader fileReader = new StreamReader(Strings.FILE_CONFIG);
string line;
while ((line = fileReader.ReadLine()) != null)
{
line = line.Trim();
if (line.StartsWith("#"))
{
continue;
}
string[] split = line.Split('=');
if (split.Length < 2)
{
continue;
}
split[0] = split[0].Trim().ToLower();
split[1] = split[1].Trim();
switch (split[0])
{
case "db_key":
DB_KEY = split[1];
DB_KEY_A = DB_KEY.Length > 0 ? CryptoAes.KeyToBytes(DB_KEY, 32) : null; //256-bits
DB_KEY_B = DB_KEY.Length > 0 ? CryptoAes.KeyToBytes(DB_KEY, 16) : null; //128-bits
break;
case "preshared_key":
PRESHARED_KEY = split[1];
PRESHARED_KEY_A = PRESHARED_KEY.Length > 0 ? CryptoAes.KeyToBytes(PRESHARED_KEY, 32) : null; //256-bits
PRESHARED_KEY_B = PRESHARED_KEY.Length > 0 ? CryptoAes.KeyToBytes(PRESHARED_KEY, 16) : null; //128-bits
break;
case "force_registry_keys":
force_registry_keys = (split[1] == "true");
break;
case "http_enable":
http_enable = (split[1] == "true");
break;
case "http_prefix":
httpPrefixes.Add(split[1].Trim());
break;
case "addressbook_enable":
addressbook_enable = (split[1] == "true");
break;
case "addressbook_prefix":
abPrefixes.Add(split[1].Trim());
break;
case "ip_access":
Session.ip_access.Add(split[1], null);
break;
}
}
fileReader.Close();
if (httpPrefixes.Count > 0)
{
http_prefixes = httpPrefixes.ToArray();
}
if (abPrefixes.Count > 0)
{
addressbook_prefixes = abPrefixes.ToArray();
}
return(true);
}
public void LoadSettings()
{
int index = Settings.Default.ip_index;
if (index > -1)
{
cmbListennerIp.SelectedIndex = index;
}
txtListennerPort.Value = Settings.Default.port;
txtKey.Text = Settings.Default.key;
key = txtKey.Text;
bKey = key.Length > 0 ? CryptoAes.KeyToBytes(key, 32) : null; //256-bits
bIv = CryptoAes.KeyToBytes(key, 16); //128-bits
srv_stamp.chkEnable.Checked = Settings.Default.stamp_enable;
srv_uvnc.chkEnable.Checked = Settings.Default.uvnc_enable;
srv_uvnc.txtExe.Text = Settings.Default.uvnc_exe;
srv_uvnc.txtParam.Text = Settings.Default.uvnc_para;
srv_uvnc.txtPassword.Text = CryptoAes.DecryptB64(Settings.Default.uvnc_pass, bKey, bIv);
if (srv_uvnc.txtPassword.Text.Length > 0) //remove salt
{
srv_uvnc.txtPassword.Text = srv_uvnc.txtPassword.Text.Substring(1);
}
srv_rdp.chkEnable.Checked = Settings.Default.mstsc_enable;
srv_rdp.txtExe.Text = Settings.Default.mstsc_exe;
srv_rdp.txtParam.Text = Settings.Default.mstsc_para;
srv_rdp.txtUsername.Text = Settings.Default.rdp_user;
srv_rdp.txtPassword.Text = CryptoAes.DecryptB64(Settings.Default.rdp_pass, bKey, bIv);
if (srv_rdp.txtPassword.Text.Length > 0) //remove salt
{
srv_rdp.txtPassword.Text = srv_rdp.txtPassword.Text.Substring(1);
}
srv_pse.txtExe.Text = Settings.Default.pse_exe;
srv_pse.txtParam.Text = Settings.Default.pse_para;
srv_pse.txtUsername.Text = Settings.Default.pse_user;
srv_pse.txtPassword.Text = CryptoAes.DecryptB64(Settings.Default.pse_pass, bKey, bIv);
if (srv_pse.txtPassword.Text.Length > 0) //remove salt
{
srv_pse.txtPassword.Text = srv_pse.txtPassword.Text.Substring(1);
}
srv_winbox.txtExe.Text = Settings.Default.winbox_exe;
srv_winbox.txtParam.Text = Settings.Default.winbox_para;
srv_winbox.txtUsername.Text = Settings.Default.winbox_user;
srv_winbox.txtPassword.Text = CryptoAes.DecryptB64(Settings.Default.winbox_pass, bKey, bIv);
if (srv_winbox.txtPassword.Text.Length > 0) //remove salt
{
srv_winbox.txtPassword.Text = srv_winbox.txtPassword.Text.Substring(1);
}
chkOverrideWinRdpClient.Checked = Settings.Default.rdp_native_client;
}
static void Main(string[] args)
{
var str = CryptoSecureString.ToSecureString(new[] { 'h', 'i', 'r', 'o' });
char [] charArray = CryptoSecureString.CharacterData(str);
string unsecure = CryptoSecureString.ConvertToUnsecureString(str);
var rsaParameters = new CryptoRSAParameters();
rsaParameters.GenerateKeys();
Console.WriteLine($"Random {Convert.ToBase64String(CryptoRandom.Generate(32))}");
Console.WriteLine("-------------------------------------------");
var message = "Hiro universe";
var messageBytes = Encoding.UTF8.GetBytes(message);
Console.WriteLine($"MD5 message: {message} hash: {Convert.ToBase64String(CryptoHash.Md5(messageBytes))}");
Console.WriteLine($"SHA1 message: {message} hash: {Convert.ToBase64String(CryptoHash.Sha1(messageBytes))}");
Console.WriteLine($"SHA256 message: {message} hash: {Convert.ToBase64String(CryptoHash.Sha256(messageBytes))}");
Console.WriteLine($"SHA512 message: {message} hash: {Convert.ToBase64String(CryptoHash.Sha512(messageBytes))}");
var key = CryptoRandom.Generate(32);
Console.WriteLine($"HMAC MD5 message: {message} hash: {Convert.ToBase64String(CryptoHmac.Md5(messageBytes, key))}");
Console.WriteLine($"HMAC SHA1 message: {message} hash: {Convert.ToBase64String(CryptoHmac.Sha1(messageBytes, key))}");
Console.WriteLine($"HMAC SHA256 message: {message} hash: {Convert.ToBase64String(CryptoHmac.Sha256(messageBytes, key))}");
Console.WriteLine($"HMAC SHA512 message: {message} hash: {Convert.ToBase64String(CryptoHmac.Sha512(messageBytes, key))}");
Console.WriteLine("-------------------------------------------");
Console.WriteLine("Passsword hash with salt");
Console.WriteLine($"Password: {message}");
Console.WriteLine($"Password hashed: {Convert.ToBase64String(CryptoHash.Password(messageBytes))}");
Console.WriteLine("-------------------------------------------");
var salt = CryptoRandom.Generate(32);
Console.WriteLine("Passsword hash with salt - Based Key Derivation Function - PBKDF2");
Console.WriteLine($"Password: {message}");
Console.WriteLine($"Password hashed 100 rounds: {Convert.ToBase64String(CryptoHash.Password(messageBytes, salt, 100))}");
Console.WriteLine($"Password hashed 1000 rounds: {Convert.ToBase64String(CryptoHash.Password(messageBytes, salt, 1000))}");
Console.WriteLine($"Password hashed 10000 rounds: {Convert.ToBase64String(CryptoHash.Password(messageBytes, salt, 10000))}");
Console.WriteLine("-------------------------------------------");
var desKey = CryptoRandom.Generate(8);
var desIv = CryptoRandom.Generate(8);
var desEncryptedMessage = CryptoDes.Encrypt(message, desKey, desIv);
var desDecryptedMessage = CryptoDes.Decrypt(desEncryptedMessage, desKey, desIv);
Console.WriteLine("DES Encryption");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Key: {Convert.ToBase64String(desKey)}");
Console.WriteLine($"IV: {Convert.ToBase64String(desIv)}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(desEncryptedMessage)}");
Console.WriteLine($"Decrypted: {desDecryptedMessage}");
Console.WriteLine("-------------------------------------------");
var tripleDesKey = CryptoRandom.Generate(16);
var tripleDesIv = CryptoRandom.Generate(8);
var tripleDesEncryptedMessage = CryptoTripleDes.Encrypt(message, tripleDesKey, tripleDesIv);
var tripleDesDecryptedMessage = CryptoTripleDes.Decrypt(tripleDesEncryptedMessage, tripleDesKey, tripleDesIv);
Console.WriteLine("Triple DES Encryption");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Key: {Convert.ToBase64String(tripleDesKey)}");
Console.WriteLine($"IV: {Convert.ToBase64String(tripleDesIv)}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(tripleDesEncryptedMessage)}");
Console.WriteLine($"Decrypted: {tripleDesDecryptedMessage}");
Console.WriteLine("-------------------------------------------");
var aesKey = CryptoRandom.Generate(32);
var aesIv = CryptoRandom.Generate(16);
var aesEncryptedMessage = CryptoAes.Encrypt(message, aesKey, aesIv);
var aesDecryptedMessage = CryptoAes.Decrypt(aesEncryptedMessage, aesKey, aesIv);
Console.WriteLine("AES Encryption");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Key: {Convert.ToBase64String(aesKey)}");
Console.WriteLine($"IV: {Convert.ToBase64String(aesIv)}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(aesEncryptedMessage)}");
Console.WriteLine($"Decrypted: {aesDecryptedMessage}");
Console.WriteLine("-------------------------------------------");
var rsaEncryptedMessage = CryptoRsa.Encrypt(messageBytes, rsaParameters.publicKey);
var rsaDecryptedMessage = CryptoRsa.Decrypt(rsaEncryptedMessage, rsaParameters.privateKey);
Console.WriteLine("RSA Encryption");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(rsaEncryptedMessage)}");
Console.WriteLine($"Decrypted: {Encoding.Default.GetString(rsaDecryptedMessage)}");
Console.WriteLine("-------------------------------------------");
var hybridEncryptedPacket = CryptoHybrid.Encrypt(message, rsaParameters.publicKey);
var hybridDecryptedMessage = CryptoHybrid.Decrypt(hybridEncryptedPacket, rsaParameters.privateKey);
Console.WriteLine("Hybrid Encryption using AES and RSA");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(hybridEncryptedPacket.EncryptedData)}");
Console.WriteLine($"Decrypted: {hybridDecryptedMessage}");
Console.WriteLine("-------------------------------------------");
var hashedMessage = CryptoHash.Sha256(messageBytes);
var signature = CryptoDigitalSignature.Sign(hashedMessage, rsaParameters.privateKey);
var verify = CryptoDigitalSignature.Verify(hashedMessage, signature, rsaParameters.publicKey);
Console.WriteLine("Digital Signature");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Signature: {Convert.ToBase64String(signature)}");
Console.WriteLine("Is Verified: " + (verify ? "true" : "false"));
Console.WriteLine("-------------------------------------------");
try {
var hybridSignatureEncryptedPacket = CryptoHybridIntegrity.Encrypt(message, rsaParameters);
var hybridSignatureDecryptedMessage = CryptoHybridIntegrity.Decrypt(hybridSignatureEncryptedPacket, rsaParameters);
Console.WriteLine("Hybrid encryption with digital signature");
Console.WriteLine($"Text: {message}");
Console.WriteLine($"Signature: {Convert.ToBase64String(hybridSignatureEncryptedPacket.Signature)}");
Console.WriteLine($"Encrypted: {Convert.ToBase64String(hybridSignatureEncryptedPacket.EncryptedData)}");
Console.WriteLine($"Decrypted: {hybridSignatureDecryptedMessage}");
}
catch (CryptographicException ex)
{
Console.WriteLine("Error : " + ex.Message);
}
}
