public TClass ExecuteSymKeyEncryption <TClass>(RestRequest request, string body) where TClass : new() { request.AddHeader("client", DtoGobalSettings.ClientIdentity.Name); request.AddHeader("identifier", DtoGobalSettings.ClientIdentity.Guid); var serviceSetting = new ServiceSetting(); var entropy = serviceSetting.GetSetting("entropy"); var encryptedKey = serviceSetting.GetSetting("encryption_key"); var decryptedKey = ServiceDP.DecryptData(Convert.FromBase64String(encryptedKey.Value), true, Convert.FromBase64String(entropy.Value)); if (!string.IsNullOrEmpty(body)) { var encryptedContent = new ServiceSymmetricEncryption().EncryptData(decryptedKey, body); request.AddParameter("text/xml", encryptedContent, ParameterType.RequestBody); } var deviceThumbprint = new ServiceSetting().GetSetting("device_thumbprint"); var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My); if (deviceCert == null) { return(default(TClass)); } var encryptedCert = new ServiceSymmetricEncryption().EncryptData(decryptedKey, Convert.ToBase64String(deviceCert.RawData)); request.AddHeader("device_cert", Convert.ToBase64String(encryptedCert)); return(SubmitRequest <TClass>(request, decryptedKey)); }
public bool DownloadFile(RestRequest request, string body, string destination) { if (string.IsNullOrEmpty(body)) { throw new ArgumentException("body"); } request.AddHeader("client", DtoGobalSettings.ClientIdentity.Name); request.AddHeader("identifier", DtoGobalSettings.ClientIdentity.Guid); var serviceSetting = new ServiceSetting(); var entropy = serviceSetting.GetSetting("entropy"); var encryptedKey = serviceSetting.GetSetting("encryption_key"); var decryptedKey = ServiceDP.DecryptData(Convert.FromBase64String(encryptedKey.Value), true, Convert.FromBase64String(entropy.Value)); var encryptedContent = new ServiceSymmetricEncryption().EncryptData(decryptedKey, body); request.AddParameter("text/xml", encryptedContent, ParameterType.RequestBody); var deviceThumbprint = new ServiceSetting().GetSetting("device_thumbprint"); var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My); if (deviceCert == null) { return(false); } var encryptedCert = new ServiceSymmetricEncryption().EncryptData(decryptedKey, Convert.ToBase64String(deviceCert.RawData)); request.AddHeader("device_cert", Convert.ToBase64String(encryptedCert)); try { _log.Debug(request.Resource); using (var stream = File.Create(destination, 4096)) { request.ResponseWriter = (responseStream) => responseStream.CopyTo(stream); _client.DownloadData(request); if (stream.Length == 0) { //something went wrong, rest sharp can't display any other info with downloaddata, so we don't know why return(false); } } return(true); } catch (Exception ex) { _log.Error("Could Not Save File: " + destination); _log.Error(ex.Message); return(false); } }
public StringContent ResponseHandler(Task <HttpResponseMessage> task, byte[] key, EntityComputer computer) { //encrypt the response back to the client //var headers = task.Result.ToString(); if (task.Result.Content != null) { Logger.Debug($"ID: {logId} - Encrypting response body"); var body = task.Result.Content.ReadAsStringAsync().Result; Logger.Debug($"ID: {logId} - {body}"); var encryptedContent = new ServiceSymmetricEncryption().EncryptData(key, body); var signature = new ServiceCertificate().SignMessage(Convert.ToBase64String(encryptedContent), computer); var jsonResp = new DtoApiStringResponse(); jsonResp.Value = Convert.ToBase64String(encryptedContent); task.Result.Headers.Add("client_signature", Convert.ToBase64String(signature)); return(new StringContent(JsonConvert.SerializeObject(jsonResp), Encoding.UTF8, "application/json")); } else { return(null); } }
private TClass SubmitRequest <TClass>(RestRequest request, byte[] encKey = null) where TClass : new() { if (request == null) { _log.Error("Could Not Execute API Request. The Request was empty." + new TClass().GetType()); return(default(TClass)); } _log.Debug(request.Resource); var response = _client.Execute <TClass>(request); if (response == null) { _log.Error("Could Not Complete API Request. The Response was empty." + request.Resource); return(default(TClass)); } if (response.StatusCode == HttpStatusCode.InternalServerError) { _log.Error("Could Not Complete API Request. The Response Produced An Error." + request.Resource); _log.Error(response.Content); try { if (encKey != null) { var encryptedresponse = JsonConvert.DeserializeObject <DtoStringResponse>(response.Content); var content = new ServiceSymmetricEncryption().Decrypt(encKey, Convert.FromBase64String(encryptedresponse.Value)); _log.Error(content); } } catch { //ignore } return(default(TClass)); } if (response.StatusCode == HttpStatusCode.Unauthorized) { _log.Error("The Request Was Unauthorized " + request.Resource); return(default(TClass)); } if (response.StatusCode == HttpStatusCode.NotFound) { _log.Error("Error Retrieving API Response: Not Found " + request.Resource); return(default(TClass)); } if (response.ErrorException != null && encKey == null) { _log.Error("Error Retrieving API Response: " + response.ErrorException); return(default(TClass)); } if (response.Data == null && encKey == null) { _log.Error("Response Data Was Null For Resource: " + request.Resource); return(default(TClass)); } if (encKey != null) { if (response.Headers.Any(t => t.Name.Equals("client_signature"))) { var firstOrDefault = response.Headers.FirstOrDefault(t => t.Name.Equals("client_signature")); if (firstOrDefault == null) { _log.Error("The Response Signature Is Not Valid For This Device: " + request.Resource); return(default(TClass)); } var deviceThumbprint = new ServiceSetting().GetSetting("device_thumbprint"); var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My); if (deviceCert == null) { _log.Error("Could Not Find The Device Certificate: " + request.Resource); return(default(TClass)); } var signature = firstOrDefault.Value.ToString(); var encryptedresponse = JsonConvert.DeserializeObject <DtoStringResponse>(response.Content); if ( !ServiceCertificate.VerifySignature(deviceCert, Convert.FromBase64String(signature), encryptedresponse.Value)) { _log.Error("Response Signature Verification Failed: " + request.Resource); return(default(TClass)); } var content = new ServiceSymmetricEncryption().Decrypt(encKey, Convert.FromBase64String(encryptedresponse.Value)); return(JsonConvert.DeserializeObject <TClass>(content)); } _log.Error("Invalid Reponse, Signature Missing: " + request.Resource); return(default(TClass)); } return(response.Data); }
private EnumProvisionStatus.Status ProvisionStage2() { var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint"); if (string.IsNullOrEmpty(intermediateThumbprint.Value)) { //assume stage 1 didn't finish return(EnumProvisionStatus.Status.NotStarted); } var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value, StoreName.CertificateAuthority); if (intermediate == null) { return(EnumProvisionStatus.Status.NotStarted); } var key = GenerateSymmKey(); var provisionRequest = new DtoProvisionRequest(); provisionRequest.Name = DtoGobalSettings.ClientIdentity.Name; provisionRequest.AdGuid = new ServiceAD().GetADGuid(provisionRequest.Name); provisionRequest.SymmKey = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key); provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId; //include some hardware details Logger.Debug("Gathering Hardware Details"); var inventoryCollection = new DtoInventoryCollection(); new ComputerSystem().Search(inventoryCollection); new Bios().Search(inventoryCollection); new Processor().Search(inventoryCollection); new Nic().Search(inventoryCollection); try { var m = Convert.ToInt64(inventoryCollection.ComputerSystem.TotalPhysicalMemory); provisionRequest.Memory = Convert.ToInt32(m / 1024 / 1024); } catch { provisionRequest.Memory = 0; } try { provisionRequest.Processor = inventoryCollection.Processor.Name; } catch { provisionRequest.Processor = string.Empty; } try { provisionRequest.SerialNumber = inventoryCollection.Bios.SerialNumber; } catch { provisionRequest.SerialNumber = string.Empty; } try { provisionRequest.Model = inventoryCollection.ComputerSystem.Model; } catch { provisionRequest.Model = string.Empty; } try { foreach (var nic in inventoryCollection.NetworkAdapters) { provisionRequest.Macs.Add(nic.Mac); } } catch { //do nothing } inventoryCollection = null; var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest); if (response == null) { return(EnumProvisionStatus.Status.Error); } if (response.ProvisionStatus == EnumProvisionStatus.Status.Reset) { Logger.Info("Client Reset Approved. Starting Reset Process."); return(EnumProvisionStatus.Status.Reset); } if (response.ProvisionStatus == EnumProvisionStatus.Status.FullReset) { Logger.Info("Client Full Reset Requested. Starting Full Reset Process."); return(EnumProvisionStatus.Status.FullReset); } if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingReset) { Logger.Info("Client Is Pending Reset Approval."); return(EnumProvisionStatus.Status.PendingReset); } if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingProvisionApproval) { Logger.Info("Client Is Pending Provisioning Approval"); return(EnumProvisionStatus.Status.PendingProvisionApproval); } if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingPreProvision) { Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It."); return(EnumProvisionStatus.Status.PendingPreProvision); } if (response.ProvisionStatus != EnumProvisionStatus.Status.PendingConfirmation) { return(EnumProvisionStatus.Status.Error); } var byteCert = Convert.FromBase64String(response.Certificate); var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert); var deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert)); if (ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My)) { var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint"); deviceThumbprint.Value = deviceCert.Thumbprint; _serviceSetting.UpdateSettingValue(deviceThumbprint); var computerIdentifier = _serviceSetting.GetSetting("computer_identifier"); computerIdentifier.Value = response.ComputerIdentifier; DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier; _serviceSetting.UpdateSettingValue(computerIdentifier); var entropy = _serviceSetting.GetSetting("entropy"); var entropyBytes = ServiceDP.CreateRandomEntropy(); entropy.Value = Convert.ToBase64String(entropyBytes); _serviceSetting.UpdateSettingValue(entropy); var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes); var keySetting = _serviceSetting.GetSetting("encryption_key"); keySetting.Value = Convert.ToBase64String(encryptedKey); _serviceSetting.UpdateSettingValue(keySetting); var settingProvisionStatus = _serviceSetting.GetSetting("provision_status"); settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString(); _serviceSetting.UpdateSettingValue(settingProvisionStatus); } return(EnumProvisionStatus.Status.PendingConfirmation); }
protected override System.Threading.Tasks.Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { logId = logId = Guid.NewGuid().ToString("n").Substring(0, 8); // CATCH THE REQUEST BEFORE SENDING TO THE ROUTING HANDLER Logger.Debug($"ID: {logId} - Received decryption request for {request.Headers.GetValues("client").FirstOrDefault()} "); Logger.Debug($"ID: {logId} - Request URI {request.RequestUri} "); var clientIdentifier = request.Headers.GetValues("identifier").FirstOrDefault(); var encryptedCert = request.Headers.GetValues("device_cert").FirstOrDefault(); byte[] keyBytes = null; var computerEntity = new ServiceComputer().GetByGuid(clientIdentifier); if (computerEntity == null) { Logger.Debug($"ID: {logId} - Computer With Identity {clientIdentifier} Could Not Be Found."); } else { var symmKey = new EncryptionServices().DecryptText(computerEntity.SymmKeyEncrypted); keyBytes = Convert.FromBase64String(symmKey); var body = request.Content.ReadAsByteArrayAsync().Result; if (body != null) { if (body.Length != 0) { var decryptedContent = new ServiceSymmetricEncryption().DecryptAsync(keyBytes, body); if (decryptedContent.Status != TaskStatus.Faulted) { Logger.Debug($"ID: {logId} - Successfully decrypted message body"); request.Content = new StringContent(decryptedContent.Result, Encoding.UTF8, "application/json"); Logger.Debug($"ID: {logId} - Message content: " + decryptedContent.Result); } else { Logger.Debug($"ID: {logId} - Could not decrypt message body"); } } } var decryptedCert = new ServiceSymmetricEncryption().DecryptAsync(keyBytes, Convert.FromBase64String(encryptedCert)); request.Headers.Remove("device_cert"); if (decryptedCert.Status != TaskStatus.Faulted) { request.Headers.Add("device_cert", decryptedCert.Result); Logger.Debug($"ID: {logId} - Successfully decrypted device certificate"); Logger.Debug($"ID: {logId} - Checking certificate authorization"); } else { Logger.Debug($"ID: {logId} - Could not decrypt device certificate"); } } // SETUP A CALLBACK FOR CATCHING THE RESPONSE - AFTER ROUTING HANDLER, AND AFTER CONTROLLER ACTIVITY return(base.SendAsync(request, cancellationToken).ContinueWith( task => { // RETURN THE ORIGINAL RESULT var response = task.Result; //Don't encrypt body if trying to download file if (!request.RequestUri.ToString().EndsWith("GetFile/")) { var body = ResponseHandler(task, keyBytes, computerEntity); if (body != null) { response.Content = body; } } return response; }, cancellationToken)); }