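        /// <summary>
        /// Validates a password before decryption by testing it against the sample
        /// EncryptedData carried by each Security entry of the envelope's SecuritySection.
        /// </summary>
        /// <remarks>
        /// Exactly one SecuritySection is expected; with none, several, or one without
        /// Security entries nothing is tested and the result is false. Every Security
        /// entry must accept the password for the result to be true, because one password
        /// is later used to decrypt the files referenced by all entries; an entry that
        /// rejects the password is never overridden by a later one that accepts it.
        /// The outcome is written to the audit log either way.
        /// </remarks>
        /// <param name="ovfObj">EnvelopeType OVF Object</param>
        /// <param name="password">password to check</param>
        /// <returns>true = valid password, false = password failed</returns>
        /// <exception cref="ArgumentNullException">ovfObj is null</exception>
        /// <exception cref="InvalidOperationException">
        /// a Security entry carries no EncryptedData/CipherData sample to test against
        /// </exception>
        public bool CheckPassword(EnvelopeType ovfObj, string password)
        {
            if (ovfObj == null)
            {
                throw new ArgumentNullException("ovfObj");
            }

            bool isValid = false;

            SecuritySection_Type[] security = FindSections<SecuritySection_Type>(ovfObj.Sections);

            if (security != null && security.Length == 1 && security[0].Security != null)
            {
                // A section with no entries has nothing to validate against and stays invalid.
                bool allPassed = security[0].Security.Length > 0;

                foreach (Security_Type sec in security[0].Security)
                {
                    EncryptedDataType edt = null;

                    // Preferred form: a typed EncryptedData element whose cipher bytes are present.
                    if (sec.EncryptedData != null && sec.EncryptedData.CipherData != null && sec.EncryptedData.CipherData.Item != null)
                    {
                        edt = sec.EncryptedData;
                    }

                    // Fallback: EncryptedData stored as an untyped extension element. The
                    // ":EncrypteData" spelling is accepted in addition to the correct one.
                    if (edt == null && sec.Any != null)
                    {
                        foreach (XmlElement xe in sec.Any)
                        {
                            if (xe.Name.Contains(":EncryptedData") || xe.Name.Contains(":EncrypteData"))
                            {
                                CipherDataType cdt = (CipherDataType)Tools.Deserialize(xe.InnerXml, typeof(CipherDataType));
                                // Mirror the typed path: a sample without cipher bytes is unusable
                                // and must not reach the password check as a null buffer.
                                if (cdt != null && cdt.Item != null)
                                {
                                    edt            = new EncryptedDataType();
                                    edt.CipherData = cdt;
                                }
                            }
                        }
                    }

                    if (edt == null)
                    {
                        throw new InvalidOperationException(Messages.SECURITY_SECTION_INVALID);
                    }

                    byte[] sample = (byte[])edt.CipherData.Item;
                    bool   entryPassed;
                    if (sec.version != null &&
                        CheckSecurityVersion(sec.version, Properties.Settings.Default.securityVersion) >= 0)
                    {
                        entryPassed = InternalCheckPassword(sample, password, sec.version);
                    }
                    else
                    {
                        // Unversioned or older-than-current entries use the legacy check.
                        entryPassed = DeprecatedCheckPassword(sample, password, sec.version);
                    }

                    // Fail closed: a single rejecting entry makes the password invalid
                    // regardless of what the remaining entries would say.
                    if (!entryPassed)
                    {
                        allPassed = false;
                        break;
                    }
                }

                isValid = allPassed;
            }

            if (isValid)
            {
                Log.Audit(Messages.PASSWORD_SUCCESS);
            }
            else
            {
                Log.Audit(Messages.PASSWORD_FAILED);
            }
            return isValid;
        }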
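        /// <summary>
        /// Encrypts or decrypts every file referenced by the envelope in place and, when
        /// encrypting, appends a Security entry (key sample, algorithm, file references)
        /// to the envelope's SecuritySection.
        /// </summary>
        /// <remarks>
        /// Each file is rewritten to "&lt;file&gt;.tmp" and then moved over the original.
        /// If <c>_cancelEncrypt</c> is set after a file has been processed only its temporary
        /// copy is removed; files rewritten before the cancellation are left as they are.
        /// For decryption the first SecuritySection is used: file references are gathered
        /// from all of its Security entries, while the algorithm and version come from the
        /// last entry that carries them. Referenced files must resolve inside the directory
        /// of the OVF file.
        /// </remarks>
        /// <param name="env">envelope whose References/File entries are processed; its Sections are rewritten when encrypting</param>
        /// <param name="ovffilename">path of the OVF file; referenced files are resolved relative to its directory</param>
        /// <param name="password">password the cipher key is derived from</param>
        /// <param name="encrypt">true to encrypt, false to decrypt</param>
        /// <exception cref="InvalidOperationException">
        /// decrypting an envelope without a SecuritySection, an algorithm URI without a '#'
        /// fragment, or a file reference that escapes the OVF directory
        /// </exception>
        private static void CryptoFileWrapper(EnvelopeType env, string ovffilename, string password, bool encrypt)
        {
            if ((env.References == null) ||
                (env.References.File == null) ||
                (env.References.File.Length == 0))
            {
                log.Info("OVF.Security: No files to encrypt/decrypt.");
                return;
            }
            try
            {
                List<DataReference> dataReference = new List<DataReference>();
                // Algorithm URIs are "<namespace>#<name>"; the lower-cased name with '-' mapped
                // to '_' is the key that selects the implementing class.
                string cryptoclassname = (string)AlgorithmMap((Properties.Settings.Default.encryptAlgorithmURI.Split(new char[] { '#' }))[1].ToLowerInvariant().Replace('-', '_'));
                string fileuuids       = null;
                string version         = null;
                Section_Type[] envSections = env.Sections ?? new Section_Type[0];
                //
                // Initial version really only works when there is ONLY ONE SecuritySection::Security
                //
                #region GET DECRYPT INFO
                if (!encrypt)
                {
                    SecuritySection_Type securitysection = null;
                    foreach (Section_Type section in envSections)
                    {
                        if (section is SecuritySection_Type)
                        {
                            securitysection = (SecuritySection_Type)section;
                            break;
                        }
                    }
                    if (securitysection == null || securitysection.Security == null)
                    {
                        // Without the section there is no algorithm, version or reference list
                        // to drive decryption with; fail explicitly instead of dereferencing null.
                        throw new InvalidOperationException("OVF.Security: No SecuritySection found, cannot decrypt.");
                    }
                    foreach (Security_Type securitytype in securitysection.Security)
                    {
                        if (securitytype.ReferenceList != null && securitytype.ReferenceList.Items != null)
                        {
                            foreach (XenOvf.Definitions.XENC.ReferenceType dataref in securitytype.ReferenceList.Items)
                            {
                                if (dataref is DataReference)
                                {
                                    fileuuids += ":" + ((DataReference)dataref).ValueType;
                                }
                            }
                        }
                        if (securitytype.EncryptionMethod != null &&
                            securitytype.EncryptionMethod.Algorithm != null)
                        {
                            string[] uriParts = securitytype.EncryptionMethod.Algorithm.Split(new char[] { '#' });
                            if (uriParts.Length < 2)
                            {
                                throw new InvalidOperationException("OVF.Security: Unrecognised EncryptionMethod algorithm URI: " + securitytype.EncryptionMethod.Algorithm);
                            }
                            // The archive value only selects a local settings entry; the class name
                            // that is actually used always comes from settings. A name with no
                            // settings entry surfaces as an exception from the settings indexer.
                            string algoname = uriParts[1].ToLowerInvariant().Replace('-', '_');
                            object x        = Properties.Settings.Default[algoname];
                            if (x != null)
                            {
                                cryptoclassname = (string)x;
                                // NOTE(review): EncryptionMethod.KeySize is not forwarded to CryptoSetup
                                // below, so the key length in use is whatever CryptoSetup derives locally.
                            }
                        }
                        if (!string.IsNullOrEmpty(securitytype.version))
                        {
                            version = securitytype.version;
                        }
                    }
                }
                #endregion

                #region PROCESS FILES
                foreach (File_Type file in env.References.File)
                {
                    bool process;
                    if (encrypt)
                    {
                        version = Properties.Settings.Default.securityVersion;
                        if (file.Id == null)
                        {
                            file.Id = "xen_" + Guid.NewGuid().ToString();
                            DataReference newDataReference = new DataReference();
                            newDataReference.ValueType = file.Id;
                            dataReference.Add(newDataReference);
                            process = true;
                        }
                        else
                        {
                            log.InfoFormat("File already encrypted, skipping. [{0}]", file.href);
                            process = false;
                        }
                    }
                    else
                    {
                        // Case-insensitive substring match against the ":id:id..." list built above.
                        if (file.Id != null &&
                            fileuuids != null &&
                            fileuuids.IndexOf(file.Id, StringComparison.OrdinalIgnoreCase) >= 0)
                        {
                            process = true;
                            file.Id = null;
                        }
                        else
                        {
                            process = false;
                            log.InfoFormat("File is not encrypted, skipping. [{0}]", file.href);
                        }
                    }

                    if (!process)
                    {
                        continue;
                    }

                    // Resolve against the OVF's directory and refuse any href that escapes it:
                    // the envelope is external input and the resolved file is overwritten and
                    // deleted below.
                    string ovfDir = Path.GetDirectoryName(ovffilename);
                    if (string.IsNullOrEmpty(ovfDir))
                    {
                        ovfDir = Directory.GetCurrentDirectory();
                    }
                    string baseDir  = Path.GetFullPath(ovfDir).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;
                    string fullname = Path.GetFullPath(Path.Combine(baseDir, file.href));
                    if (!fullname.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
                    {
                        throw new InvalidOperationException(string.Format("OVF.Security: File reference resolves outside the OVF directory, refusing to process. [{0}]", file.href));
                    }

                    log.DebugFormat(encrypt ? "Encrypt: {0}" : "Decrypt: {0}", fullname);
                    ICryptoTransform trans   = CryptoSetup(cryptoclassname, password, encrypt, version);
                    string           tmpname = fullname + ".tmp";
                    CryptoFile(trans, fullname, tmpname, encrypt);
                    if (_cancelEncrypt)
                    {
                        File.Delete(tmpname);
                    }
                    else
                    {
                        File.Delete(fullname);
                        File.Move(tmpname, fullname);
                    }
                }
                #endregion

                #region BUILD SECURITY SECTION
                // Record the new references whenever at least one file was newly encrypted;
                // keying this off the last file alone would drop the record when the last
                // file happened to be skipped, leaving encrypted files with no key sample.
                if (encrypt && dataReference.Count > 0 && !_cancelEncrypt)
                {
                    List<Section_Type>   sections        = new List<Section_Type>();
                    SecuritySection_Type securitySection = null;

                    foreach (Section_Type section in envSections)
                    {
                        if (section is SecuritySection_Type)
                        {
                            securitySection = (SecuritySection_Type)section;
                        }
                        else
                        {
                            sections.Add(section);
                        }
                    }

                    if (securitySection == null)
                    {
                        securitySection            = new SecuritySection_Type();
                        securitySection.Info       = new Msg_Type();
                        securitySection.Info.Value = "Encrypted Content Definition";
                    }

                    // Existing Security entries are kept; the new one is appended.
                    List<Security_Type> secType = new List<Security_Type>();
                    if (securitySection.Security != null && securitySection.Security.Length > 0)
                    {
                        secType.AddRange(securitySection.Security);
                    }

                    Security_Type securityType = new Security_Type();
                    securityType.version = Properties.Settings.Default.securityVersion;
                    securityType.Id      = "xen_" + Guid.NewGuid().ToString();

                    ReferenceList referenceList = new ReferenceList();
                    referenceList.Items = dataReference.ToArray();
                    // One choice marker per reference, all of the DataReference kind.
                    ItemsChoiceType3[] itemKinds = new ItemsChoiceType3[dataReference.Count];
                    for (int i = 0; i < itemKinds.Length; i++)
                    {
                        itemKinds[i] = ItemsChoiceType3.DataReference;
                    }
                    referenceList.ItemsElementName = itemKinds;

                    EncryptionMethodType encryptMethod = new EncryptionMethodType();
                    // The recorded key size is the locally configured _KeySize; CryptoSetup above
                    // is not passed a key size, so presumably it uses the same field — confirm.
                    encryptMethod.KeySize   = Convert.ToString(_KeySize);
                    encryptMethod.Algorithm = Properties.Settings.Default.encryptAlgorithmURI;

                    EncryptedDataType EncryptedData = new EncryptedDataType();
                    EncryptedData.CipherData = new CipherDataType();

                    // Presumably the sample ciphertext a later password check is verified against.
                    CryptoElement(EncryptedData, KnownEncrypt, cryptoclassname, version, password);

                    securityType.ReferenceList    = referenceList;
                    securityType.EncryptionMethod = encryptMethod;
                    securityType.EncryptedData    = EncryptedData;

                    secType.Add(securityType);
                    securitySection.Security = secType.ToArray();
                    sections.Add(securitySection);
                    env.Sections = sections.ToArray();
                }
                #endregion
            }
            catch (Exception ex)
            {
                log.ErrorFormat("OVF.Security: Cryptography error: {0}", ex.Message);
                throw;
            }
        }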
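        /// <summary>
        /// Encrypts or decrypts every file referenced by the envelope in place and, when
        /// encrypting, appends a Security entry (key sample, algorithm, file references)
        /// to the envelope's SecuritySection.
        /// </summary>
        /// <remarks>
        /// Each file is rewritten to "&lt;file&gt;.tmp" and then moved over the original.
        /// If <c>_cancelEncrypt</c> is set after a file has been processed only its temporary
        /// copy is removed; files rewritten before the cancellation are left as they are.
        /// For decryption the first SecuritySection is used: file references are gathered
        /// from all of its Security entries, while the algorithm and version come from the
        /// last entry that carries them. Referenced files must resolve inside the directory
        /// of the OVF file. Exceptions are logged and rethrown with their stack intact.
        /// </remarks>
        /// <param name="env">envelope whose References/File entries are processed; its Sections are rewritten when encrypting</param>
        /// <param name="ovffilename">path of the OVF file; referenced files are resolved relative to its directory</param>
        /// <param name="password">password the cipher key is derived from</param>
        /// <param name="encrypt">true to encrypt, false to decrypt</param>
        /// <exception cref="InvalidOperationException">
        /// decrypting an envelope without a SecuritySection, an algorithm URI without a '#'
        /// fragment, or a file reference that escapes the OVF directory
        /// </exception>
        private static void CryptoFileWrapper(EnvelopeType env, string ovffilename, string password, bool encrypt)
        {
            if ((env.References == null) ||
                (env.References.File == null) ||
                (env.References.File.Length == 0))
            {
                Log.Info("OVF.Security: No files to encrypt/decrypt.");
                return;
            }
            try
            {
                List<DataReference> dataReference = new List<DataReference>();
                // Algorithm URIs are "<namespace>#<name>"; the lower-cased name with '-' mapped
                // to '_' is the key that selects the implementing class.
                string cryptoclassname = (string)AlgorithmMap((Properties.Settings.Default.encryptAlgorithmURI.Split(new char[] { '#' }))[1].ToLowerInvariant().Replace('-', '_'));
                string fileuuids = null;
                string version = null;
                Section_Type[] envSections = env.Sections ?? new Section_Type[0];
                //
                // Initial version really only works when there is ONLY ONE SecuritySection::Security
                //
                #region GET DECRYPT INFO
                if (!encrypt)
                {
                    SecuritySection_Type securitysection = null;
                    foreach (Section_Type section in envSections)
                    {
                        if (section is SecuritySection_Type)
                        {
                            securitysection = (SecuritySection_Type)section;
                            break;
                        }
                    }
                    if (securitysection == null || securitysection.Security == null)
                    {
                        // Without the section there is no algorithm, version or reference list
                        // to drive decryption with; fail explicitly instead of dereferencing null.
                        throw new InvalidOperationException("OVF.Security: No SecuritySection found, cannot decrypt.");
                    }
                    foreach (Security_Type securitytype in securitysection.Security)
                    {
                        if (securitytype.ReferenceList != null && securitytype.ReferenceList.Items != null)
                        {
                            foreach (XenOvf.Definitions.XENC.ReferenceType dataref in securitytype.ReferenceList.Items)
                            {
                                if (dataref is DataReference)
                                {
                                    fileuuids += ":" + ((DataReference)dataref).ValueType;
                                }
                            }
                        }
                        if (securitytype.EncryptionMethod != null &&
                            securitytype.EncryptionMethod.Algorithm != null)
                        {
                            string[] uriParts = securitytype.EncryptionMethod.Algorithm.Split(new char[] { '#' });
                            if (uriParts.Length < 2)
                            {
                                throw new InvalidOperationException("OVF.Security: Unrecognised EncryptionMethod algorithm URI: " + securitytype.EncryptionMethod.Algorithm);
                            }
                            // The archive value only selects a local settings entry; the class name
                            // that is actually used always comes from settings. A name with no
                            // settings entry surfaces as an exception from the settings indexer.
                            string algoname = uriParts[1].ToLowerInvariant().Replace('-', '_');
                            object x = Properties.Settings.Default[algoname];
                            if (x != null)
                            {
                                cryptoclassname = (string)x;
                                // NOTE(review): EncryptionMethod.KeySize is not forwarded to CryptoSetup
                                // below, so the key length in use is whatever CryptoSetup derives locally.
                            }
                        }
                        if (!string.IsNullOrEmpty(securitytype.version))
                        {
                            version = securitytype.version;
                        }
                    }
                }
                #endregion

                #region PROCESS FILES
                foreach (File_Type file in env.References.File)
                {
                    bool process;
                    if (encrypt)
                    {
                        version = Properties.Settings.Default.securityVersion;
                        if (file.Id == null)
                        {
                            file.Id = "xen_" + Guid.NewGuid().ToString();
                            DataReference newDataReference = new DataReference();
                            newDataReference.ValueType = file.Id;
                            dataReference.Add(newDataReference);
                            process = true;
                        }
                        else
                        {
                            Log.Info("File already encrypted, skipping. [{0}]", file.href);
                            process = false;
                        }
                    }
                    else
                    {
                        // Case-insensitive substring match against the ":id:id..." list built above.
                        if (file.Id != null &&
                            fileuuids != null &&
                            fileuuids.IndexOf(file.Id, StringComparison.OrdinalIgnoreCase) >= 0)
                        {
                            process = true;
                            file.Id = null;
                        }
                        else
                        {
                            process = false;
                            Log.Info("File is not encrypted, skipping. [{0}]", file.href);
                        }
                    }

                    if (!process)
                    {
                        continue;
                    }

                    // Resolve against the OVF's directory and refuse any href that escapes it:
                    // the envelope is external input and the resolved file is overwritten and
                    // deleted below.
                    string ovfDir = Path.GetDirectoryName(ovffilename);
                    if (string.IsNullOrEmpty(ovfDir))
                    {
                        ovfDir = Directory.GetCurrentDirectory();
                    }
                    string baseDir = Path.GetFullPath(ovfDir).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;
                    string fullname = Path.GetFullPath(Path.Combine(baseDir, file.href));
                    if (!fullname.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
                    {
                        throw new InvalidOperationException(string.Format("OVF.Security: File reference resolves outside the OVF directory, refusing to process. [{0}]", file.href));
                    }

                    Log.Debug(@"{0} : {1}", encrypt ? "Encrypt" : "Decrypt", fullname);
                    ICryptoTransform trans = CryptoSetup(cryptoclassname, password, encrypt, version);
                    string tmpname = fullname + ".tmp";
                    CryptoFile(trans, fullname, tmpname, encrypt);
                    if (_cancelEncrypt)
                    {
                        File.Delete(tmpname);
                    }
                    else
                    {
                        File.Delete(fullname);
                        File.Move(tmpname, fullname);
                    }
                }
                #endregion

                #region BUILD SECURITY SECTION
                // Record the new references whenever at least one file was newly encrypted;
                // keying this off the last file alone would drop the record when the last
                // file happened to be skipped, leaving encrypted files with no key sample.
                if (encrypt && dataReference.Count > 0 && !_cancelEncrypt)
                {
                    List<Section_Type> sections = new List<Section_Type>();
                    SecuritySection_Type securitySection = null;

                    foreach (Section_Type section in envSections)
                    {
                        if (section is SecuritySection_Type)
                        {
                            securitySection = (SecuritySection_Type)section;
                        }
                        else
                        {
                            sections.Add(section);
                        }
                    }

                    if (securitySection == null)
                    {
                        securitySection = new SecuritySection_Type();
                        securitySection.Info = new Msg_Type();
                        securitySection.Info.Value = "Encrypted Content Definition";
                    }

                    // Existing Security entries are kept; the new one is appended.
                    List<Security_Type> secType = new List<Security_Type>();
                    if (securitySection.Security != null && securitySection.Security.Length > 0)
                    {
                        secType.AddRange(securitySection.Security);
                    }

                    Security_Type securityType = new Security_Type();
                    securityType.version = Properties.Settings.Default.securityVersion;
                    securityType.Id = "xen_" + Guid.NewGuid().ToString();

                    ReferenceList referenceList = new ReferenceList();
                    referenceList.Items = dataReference.ToArray();
                    // One choice marker per reference, all of the DataReference kind.
                    ItemsChoiceType3[] itemKinds = new ItemsChoiceType3[dataReference.Count];
                    for (int i = 0; i < itemKinds.Length; i++)
                    {
                        itemKinds[i] = ItemsChoiceType3.DataReference;
                    }
                    referenceList.ItemsElementName = itemKinds;

                    EncryptionMethodType encryptMethod = new EncryptionMethodType();
                    // The recorded key size is the locally configured _KeySize; CryptoSetup above
                    // is not passed a key size, so presumably it uses the same field — confirm.
                    encryptMethod.KeySize = Convert.ToString(_KeySize);
                    encryptMethod.Algorithm = Properties.Settings.Default.encryptAlgorithmURI;

                    EncryptedDataType EncryptedData = new EncryptedDataType();
                    EncryptedData.CipherData = new CipherDataType();

                    // Presumably the sample ciphertext a later password check is verified against.
                    CryptoElement(EncryptedData, KnownEncrypt, cryptoclassname, version, password);

                    securityType.ReferenceList = referenceList;
                    securityType.EncryptionMethod = encryptMethod;
                    securityType.EncryptedData = EncryptedData;

                    secType.Add(securityType);
                    securitySection.Security = secType.ToArray();
                    sections.Add(securitySection);
                    env.Sections = sections.ToArray();
                }
                #endregion
            }
            catch (Exception ex)
            {
                Log.Error("OVF.Security: Cryptography error: {0}", ex.Message);
                // "throw;" keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }
        }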
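        /// <summary>
        /// Validates a password before decryption by testing it against the sample
        /// EncryptedData carried by each Security entry of the envelope's SecuritySection.
        /// </summary>
        /// <remarks>
        /// Exactly one SecuritySection is expected; with none, several, or one without
        /// Security entries nothing is tested and the result is false. Every Security
        /// entry must accept the password for the result to be true, because one password
        /// is later used to decrypt the files referenced by all entries; an entry that
        /// rejects the password is never overridden by a later one that accepts it.
        /// The outcome is written to the audit log either way.
        /// </remarks>
        /// <param name="ovfObj">EnvelopeType OVF Object</param>
        /// <param name="password">password to check</param>
        /// <returns>true = valid password, false = password failed</returns>
        /// <exception cref="ArgumentNullException">ovfObj is null</exception>
        /// <exception cref="InvalidOperationException">
        /// a Security entry carries no EncryptedData/CipherData sample to test against
        /// </exception>
        public bool CheckPassword(EnvelopeType ovfObj, string password)
        {
            if (ovfObj == null)
            {
                throw new ArgumentNullException("ovfObj");
            }

            bool isValid = false;

            SecuritySection_Type[] security = FindSections<SecuritySection_Type>(ovfObj.Sections);

            if (security != null && security.Length == 1 && security[0].Security != null)
            {
                // A section with no entries has nothing to validate against and stays invalid.
                bool allPassed = security[0].Security.Length > 0;

                foreach (Security_Type sec in security[0].Security)
                {
                    EncryptedDataType edt = null;

                    // Preferred form: a typed EncryptedData element whose cipher bytes are present.
                    if (sec.EncryptedData != null && sec.EncryptedData.CipherData != null && sec.EncryptedData.CipherData.Item != null)
                    {
                        edt = sec.EncryptedData;
                    }

                    // Fallback: EncryptedData stored as an untyped extension element. The
                    // ":EncrypteData" spelling is accepted in addition to the correct one.
                    if (edt == null && sec.Any != null)
                    {
                        foreach (XmlElement xe in sec.Any)
                        {
                            if (xe.Name.Contains(":EncryptedData") || xe.Name.Contains(":EncrypteData"))
                            {
                                CipherDataType cdt = (CipherDataType)Tools.Deserialize(xe.InnerXml, typeof(CipherDataType));
                                // Mirror the typed path: a sample without cipher bytes is unusable
                                // and must not reach the password check as a null buffer.
                                if (cdt != null && cdt.Item != null)
                                {
                                    edt = new EncryptedDataType();
                                    edt.CipherData = cdt;
                                }
                            }
                        }
                    }

                    if (edt == null)
                    {
                        throw new InvalidOperationException(Messages.SECURITY_SECTION_INVALID);
                    }

                    byte[] sample = (byte[])edt.CipherData.Item;
                    bool entryPassed;
                    if (sec.version != null &&
                        CheckSecurityVersion(sec.version, Properties.Settings.Default.securityVersion) >= 0)
                    {
                        entryPassed = InternalCheckPassword(sample, password, sec.version);
                    }
                    else
                    {
                        // Unversioned or older-than-current entries use the legacy check.
                        entryPassed = DeprecatedCheckPassword(sample, password, sec.version);
                    }

                    // Fail closed: a single rejecting entry makes the password invalid
                    // regardless of what the remaining entries would say.
                    if (!entryPassed)
                    {
                        allPassed = false;
                        break;
                    }
                }

                isValid = allPassed;
            }

            if (isValid)
            {
                Log.Audit(Messages.PASSWORD_SUCCESS);
            }
            else
            {
                Log.Audit(Messages.PASSWORD_FAILED);
            }
            return isValid;
        }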