public void HttpService040Test() { using (var clientChannel = new HttpServiceChannel(new Uri("http://192.168.0.235:5000/api/safevault"))) { clientChannel.CipherLib["rsa-public"] = RsaCipher.LoadFromPEM($"data\\server\\server.pem"); clientChannel.CipherLib["rsa-private"] = RsaCipher.LoadFromX509Store("Evgeny Zyuzin SafeVault Client"); var qm = new QueryMessage { Command = "dbx-Download" }; qm.Params["username"] = "******"; qm.Params["uuid"] = "safevault"; qm.Params["password"] = "******"; clientChannel.Encrypt(); clientChannel.WriteObject(qm); clientChannel.Post(); var response = clientChannel.ReadObject <ResponseMessage>(); Console.WriteLine(response.StatusCode + " " + response.StatusText); Assert.AreEqual(200, response.StatusCode); Console.WriteLine(response.Header["data"]); var data = clientChannel.Read(); Assert.AreEqual(response.Header["md5"], Security.Hash.MD5(data)); Console.WriteLine(data.Length); } }
private HttpServiceChannel CreateHttpServiceChannel() { HttpServiceChannel channel = null; try { channel = new HttpServiceChannel(new Uri(_conf.ServerUrl)); channel.CipherLib["rsa-private"] = RsaCipher.LoadFromX509Store(_conf.ClientCertificateName); channel.CipherLib["rsa-public"] = RsaCipher.LoadFromX509Store(_conf.ServerCertificateName); } catch (Exception) { channel?.Dispose(); throw; } return(channel); }
private byte[] Create(KeyProviderQueryContext ctx) { var vaultConf = new SafeVaultConf(ctx.DatabaseIOInfo); var vaultConnectionForm = new VaultConnectionConfigForm(); vaultConnectionForm.InitEx(vaultConf); if (UIUtil.ShowDialogAndDestroy(vaultConnectionForm) != DialogResult.OK) { return(null); } VaultKeyCreateForm createForm = new VaultKeyCreateForm(); createForm.InitEx(vaultConf, ctx); if (UIUtil.ShowDialogAndDestroy(createForm) != DialogResult.OK) { return(null); } vaultConf.Type = PROVIDER_TYPE; vaultConf.Version = PROVIDER_VERSION; var masterKey = Encoding.UTF8.GetBytes(vaultConf.DatabaseKeyA); var keyLen = (masterKey.Length > 254) ? masterKey.Length : 254; var keyA = new byte[keyLen + 2]; Array.Copy(BitConverter.GetBytes((ushort)masterKey.Length), keyA, 2); Array.Copy(masterKey, 0, keyA, 2, masterKey.Length); var keyB = Random.Get(keyA.Length); for (int i = 0; i < keyB.Length; i++) { keyA[i] ^= keyB[i]; } var salt = Random.Get(64); using (var aes = new Aes256Cipher()) { aes.SetPassPhrase(salt); keyA = aes.Encrypt(keyA); keyB = aes.Encrypt(keyB); } using (var rsa = RsaCipher.LoadFromX509Store(vaultConf.ClientCertificateName)) { salt = rsa.Encrypt(salt); } vaultConf.Salt = Convert.ToBase64String(salt); vaultConf.DatabaseKeyA = Convert.ToBase64String(keyA); vaultConf.VaultKeyname = Guid.NewGuid().ToString(); var databaseKeyB = Convert.ToBase64String(keyB); VaultKeyPromptForm promptForm = new VaultKeyPromptForm(); promptForm.InitEx("Enter SafeVault Password", "Save KeyB to SafeVault", (oneTimePassword) => { string status = ""; var query = new SafeVaultWebClient(vaultConf); try { status = Async.Invoke(() => query.SetDbxKey(vaultConf.VaultKeyname, databaseKeyB, oneTimePassword)); if (status == "OK") { return(true); } MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", status); } catch (CryptographicException ex) { MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", ex.Message); } return(false); }); if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK) { return(null); } try { vaultConf.Save(); } catch (Exception e) { MessageService.ShowWarning(e.Message); return(null); } return(masterKey); }
private byte[] OpenInternal(KeyProviderQueryContext ctx) { SafeVaultConf conf = new SafeVaultConf(ctx.DatabaseIOInfo); var required = new[] { conf.ClientCertificateName, conf.ServerUrl, conf.ServerCertificateName, conf.Salt, conf.Username, conf.VaultKeyname, conf.DatabaseKeyA }; if (required.Any(string.IsNullOrEmpty)) { throw new ConfigurationException("SafeVault not configured."); } byte[] salt = Convert.FromBase64String(conf.Salt); using (var rsa = RsaCipher.LoadFromX509Store(conf.ClientCertificateName)) { salt = rsa.Decrypt(salt); } string sKeyB = string.Empty; VaultKeyPromptForm promptForm = new VaultKeyPromptForm(); promptForm.InitEx("Enter SafeVault Password", "Open Database", (oneTimePassword) => { var query = new SafeVaultWebClient(conf); try { sKeyB = query.GetDbxKey(conf.VaultKeyname, oneTimePassword); return(true); } catch (SafeVaultException ex) { MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", ex.Message ); } return(false); }); if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK) { return(null); } byte[] keyA = Convert.FromBase64String(conf.DatabaseKeyA); byte[] keyB = Convert.FromBase64String(sKeyB); using (var aes = new Aes256Cipher()) { aes.SetPassPhrase(salt); keyA = aes.Decrypt(keyA); keyB = aes.Decrypt(keyB); } if (keyA.Length != keyB.Length) { throw new SafevaultKeyProviderException("Incompatible KEYA and KEYB"); } for (int i = 0; i < keyB.Length; i++) { keyA[i] ^= keyB[i]; } int keyL = BitConverter.ToUInt16(keyA, 0); if (keyL > keyA.Length) { throw new SafevaultKeyProviderException("Invalid KEYB"); } byte[] masterKey = new byte[keyL]; Array.Copy(keyA, 2, masterKey, 0, masterKey.Length); return(masterKey); }