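/// <summary>
/// Persists a certificate into the "Certificates" folder under ProgramData as the first free
/// "CertificateNN.cer" slot (NN = 01..99), writes the matching ".sign" file produced by
/// <c>ApplicationCertificate.Sign</c> next to it and registers the certificate in
/// <c>LoadedCertificates</c>. A certificate that is already loaded is not written again.
/// </summary>
/// <param name="data">Raw certificate bytes, as stored in the ".cer" file.</param>
/// <returns>
/// <c>true</c> when the certificate was already loaded or has been installed; <c>false</c> when
/// all 99 slots are taken (nothing is written or registered in that case).
/// </returns>
public static bool InstallCertificate(byte[] data)
{
    if (ContainsLoadedCert(data) == true)
    {
        return (true);
    }

    string CertFolder = SystemInfos.ProgramData + "Certificates\\";

    for (int i = 1; i < 100; i++)
    {
        string BaseName = "Certificate" + i.ToString("00");
        string CerPath = CertFolder + BaseName + ".cer";
        string SignPath = CertFolder + BaseName + ".sign";

        if (File.Exists(CerPath) == true)
        {
            continue;
        }

        File.WriteAllBytes(CerPath, data);

        // LoadCertificates() deletes a ".cer" that has no ".sign" at the next start, so a
        // failed signing is reported here instead of passing silently.
        byte[] signature = ApplicationCertificate.Sign(data);
        if (signature != null)
        {
            File.WriteAllBytes(SignPath, signature);
        }
        else
        {
            FoxEventLog.WriteEventLog("Could not sign \"" + BaseName + ".cer\" - the certificate will not be kept after a restart", System.Diagnostics.EventLogEntryType.Warning);
        }

        FoxEventLog.WriteEventLog("Certificate " + Certificates.GetCN(data) + " installed as ID=" + i.ToString("00"), System.Diagnostics.EventLogEntryType.Information);

        FilesystemCertificateData cer = new FilesystemCertificateData();
        cer.FSFilename = BaseName + ".cer";
        cer.Certificate = data;
        LoadedCertificates.Add(cer);
        FoxEventLog.WriteEventLog("Certificate " + Certificates.GetCN(data) + " loaded", System.Diagnostics.EventLogEntryType.Information);
        return (true);
    }

    // Every slot is occupied: do not register an entry that has neither filename nor data.
    FoxEventLog.WriteEventLog("No free certificate slot (Certificate01..99) - certificate " + Certificates.GetCN(data) + " not installed", System.Diagnostics.EventLogEntryType.Error);
    return (false);
}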
/// <summary>
/// Refreshes the certificate label and the Save button from <c>Cert.UUCerFile</c>:
/// "not set" when the field is blank, the certificate's CN when it decodes, "&lt;ERROR&gt;"
/// (with Save disabled) when decoding fails or no CN can be read.
/// </summary>
void UpdateStatus()
{
    // A missing value is normalised to "" so Trim() below cannot throw.
    if (Cert.UUCerFile == null)
    {
        Cert.UUCerFile = "";
    }

    if (Cert.UUCerFile.Trim() == "")
    {
        lblInstCert.Text = "not set";
        cmdSave.Enabled = false;
        return;
    }

    try
    {
        cmdSave.Enabled = true;
        string commonName = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
        if (commonName != null)
        {
            lblInstCert.Text = commonName;
            return;
        }
    }
    catch
    {
        // Undecodable Base64 or a failure while reading the certificate: fall through to the error state.
    }

    lblInstCert.Text = "<ERROR>";
    cmdSave.Enabled = false;
}
/// <summary>
/// Refreshes the certificate label, the Vulpes-signature label and the Save button from
/// <c>Cert.UUCerFile</c> and <c>Cert.UUSignFile</c>. The signature is only examined (against
/// <c>InternalCertificate.Main</c>) once the certificate itself decoded and yielded a CN.
/// </summary>
void UpdateStatus()
{
    // Missing values are normalised to "" so the Trim() calls below cannot throw.
    if (Cert.UUCerFile == null)
    {
        Cert.UUCerFile = "";
    }
    if (Cert.UUSignFile == null)
    {
        Cert.UUSignFile = "";
    }

    if (Cert.UUCerFile.Trim() == "")
    {
        lblInstCert.Text = "not set";
        lblVulpesSig.Text = "not set";
        cmdSave.Enabled = false;
        return;
    }

    try
    {
        cmdSave.Enabled = true;
        string commonName = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
        if (commonName == null)
        {
            lblInstCert.Text = "<ERROR>";
            lblVulpesSig.Text = "<N/A>";
            cmdSave.Enabled = false;
        }
        else
        {
            lblInstCert.Text = commonName;
        }
    }
    catch
    {
        // Undecodable Base64 or a failure while reading the certificate: same state as a missing CN.
        lblInstCert.Text = "<ERROR>";
        lblVulpesSig.Text = "<N/A>";
        cmdSave.Enabled = false;
    }

    // The signature is only worth checking when the certificate was accepted above.
    if (cmdSave.Enabled == false)
    {
        return;
    }

    try
    {
        if (Cert.UUSignFile.Trim() == "")
        {
            lblVulpesSig.Text = "not set";
            return;
        }
        byte[] certificate = Convert.FromBase64String(Cert.UUCerFile);
        byte[] signature = Convert.FromBase64String(Cert.UUSignFile);
        bool signatureOK = Certificates.Verify(certificate, signature, InternalCertificate.Main);
        lblVulpesSig.Text = signatureOK ? "Signature OK" : "Signature failed";
    }
    catch
    {
        lblVulpesSig.Text = "<ERROR>";
    }
}
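/// <summary>
/// Synchronises this client with the server: downloads the client settings and the signed
/// policy list, installs signing certificates carried by SignCertificate policies (or asks the
/// user to confirm one that is not signed by Vulpes), applies every listed policy and deletes
/// locally stored policies the server no longer lists.
/// </summary>
/// <returns>
/// <c>false</c> only when no connection to the server could be established; <c>true</c> in every
/// other case, including the ones where a signature check fails and nothing is applied.
/// </returns>
public static bool DoSyncPolicy()
{
    RequestCertPolicyID = 0;
    RequestCertPolicyMessageID = 0;
    RequestCertPolicyCERData = null;

    Network net = Utilities.ConnectNetwork(9);
    if (net == null)
    {
        return (false);
    }

    bool completed;
    try
    {
        completed = SyncPoliciesOverConnection(net);
    }
    finally
    {
        // Closed on every exit path, including an exception thrown by one of the server calls.
        net.CloseConnection();
    }

    if (completed == false)
    {
        return (true);
    }

    // A pending certificate confirmation keeps the status message visible.
    if (RequestCertPolicyID == 0)
    {
        Status.UpdateMessage(9);
    }
    FoxEventLog.VerboseWriteEventLog("Downloading policies - DONE", System.Diagnostics.EventLogEntryType.Information);
    return (true);
}

/// <summary>
/// Runs the download / verify / apply steps over an open connection.
/// </summary>
/// <param name="net">Open server connection; the caller closes it.</param>
/// <returns>
/// <c>true</c> when the policy set was processed to the end; <c>false</c> when processing stopped
/// early (no policies, invalid list signature, tampered policy).
/// </returns>
private static bool SyncPoliciesOverConnection(Network net)
{
    Status.UpdateMessage(9, "Downloading client settings");
    FoxEventLog.VerboseWriteEventLog("Downloading client settings", System.Diagnostics.EventLogEntryType.Information);
    ClientSettings settings = net.GetClientSettings();
    if (settings != null)
    {
        RegistryData.AdministratorName = settings.AdministratorName;
        RegistryData.MessageDisclaimer = settings.MessageDisclaimer;
    }

    Status.UpdateMessage(9, "Downloading policies");
    FoxEventLog.VerboseWriteEventLog("Downloading policies", System.Diagnostics.EventLogEntryType.Information);
    PolicyObjectListSigned policieslistsigned = net.GetPoliciesForComputer();
    List<PolicyObjectSigned> policies = policieslistsigned == null ? null : policieslistsigned.Items;
    if (policies == null)
    {
        FoxEventLog.VerboseWriteEventLog("Downloading policies - nix", System.Diagnostics.EventLogEntryType.Information);
        Status.UpdateMessage(9);
        return (false);
    }

    // Signature checks only run once at least one signing certificate is installed. With an
    // empty certificate store the list is accepted unchecked, but ApplyPolicies() is skipped
    // in that state as well - only SignCertificate policies are looked at then.
    if (FilesystemData.LoadedCertificates.Count > 0)
    {
        if (PolicyListSignatureOK(policieslistsigned) == false)
        {
            FoxEventLog.WriteEventLog("Invalid signature for PolicyList - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
            return (false);
        }
    }

    if (RegistryData.Verbose == 1)
    {
        string data = "Got policy:\r\n";
        foreach (PolicyObjectSigned obj in policies)
        {
            data += obj.Policy.Name + " [ID: " + obj.Policy.ID + " VER: " + obj.Policy.Version + "]\r\n";
        }
        FoxEventLog.VerboseWriteEventLog("Downloading policies " + data, System.Diagnostics.EventLogEntryType.Information);
    }

    // Every list entry has to carry a valid signature before anything is processed.
    if (FilesystemData.LoadedCertificates.Count > 0)
    {
        foreach (PolicyObjectSigned obj in policies)
        {
            if (ApplicationCertificate.Verify(obj) == false)
            {
                FoxEventLog.WriteEventLog("One or more policies were tampered - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
                return (false);
            }
        }
    }

    ProcessSignCertificatePolicies(net, policies);

    // Evaluated after the certificate step: a certificate installed just now counts.
    if (FilesystemData.LoadedCertificates.Count > 0)
    {
        ApplyPolicies(net, policies);
    }
    return (true);
}

/// <summary>
/// Checks the signed policy list against every loaded certificate.
/// </summary>
/// <returns><c>true</c> as soon as one loaded certificate verifies the list.</returns>
private static bool PolicyListSignatureOK(PolicyObjectListSigned policieslistsigned)
{
    foreach (FilesystemCertificateData cer in FilesystemData.LoadedCertificates)
    {
        if (Certificates.Verify(policieslistsigned, cer.Certificate) == true)
        {
            return (true);
        }
    }
    return (false);
}

/// <summary>
/// Decodes a Base64 string, returning <c>null</c> for a null or malformed value instead of throwing.
/// </summary>
private static byte[] DecodeBase64OrNull(string value)
{
    if (value == null)
    {
        return (null);
    }
    try
    {
        return (Convert.FromBase64String(value));
    }
    catch (FormatException)
    {
        return (null);
    }
}

/// <summary>
/// Handles the SignCertificate policies in the list: a certificate signed by
/// <c>InternalCertificate.Main</c> is installed right away; an unsigned one is handed to the
/// user for confirmation via <c>Status.RequestCertificateConfirm</c> and remembered in
/// <c>RequestCertPolicyID</c> / <c>RequestCertPolicyCERData</c> / <c>RequestCertPolicyMessageID</c>.
/// Policies already stored locally and certificates already loaded are skipped.
/// </summary>
private static void ProcessSignCertificatePolicies(Network net, List<PolicyObjectSigned> policies)
{
    foreach (PolicyObjectSigned obj in policies)
    {
        if (obj.Policy.Type != PolicyIDs.SignCertificate)
        {
            continue;
        }
        if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
        {
            continue;
        }

        PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
        //do not verify signing here - that won't work! - Fox
        if (objj == null || objj.Policy.Data == null)
        {
            FoxEventLog.WriteEventLog("No data for policy - not applying (Policy ID=" + obj.Policy.ID.ToString() + " Name=" + obj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }

        PolicySigningCertificates signingCert = JsonConvert.DeserializeObject<PolicySigningCertificates>(objj.Policy.Data);
        byte[] cerData = signingCert == null ? null : DecodeBase64OrNull(signingCert.UUCerFile);
        if (cerData == null)
        {
            FoxEventLog.WriteEventLog("Invalid certificate from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }
        if (FilesystemData.ContainsLoadedCert(cerData) == true)
        {
            continue;
        }

        byte[] signData = DecodeBase64OrNull(signingCert.UUSignFile);
        if (signData == null)
        {
            // Neither install nor prompt: a certificate whose signature field cannot be decoded is rejected.
            FoxEventLog.WriteEventLog("Invalid certificate signature from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }

        bool sig = Certificates.Verify(cerData, signData, InternalCertificate.Main);
        string CN = Certificates.GetCN(cerData);
        if (CN == null)
        {
            string prefix = sig ? "Invalid (Vulpes signed) certificate from server" : "Invalid certificate from server";
            FoxEventLog.WriteEventLog(prefix + " (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }

        if (sig == false)
        {
            // Recorded only once the certificate is known to be usable, so a rejected
            // certificate does not leave a confirmation pending that was never requested.
            RequestCertPolicyID = objj.Policy.ID;
            RequestCertPolicyCERData = cerData;
            Status.RequestCertificateConfirm("The certificate with " + CN + " is not signed by Vulpes. This may that someone tampered the connection, or a false certificate is installed on the server.\nDo you want to continue, and trust this certificate?", RequestCertPolicyID);
            RequestCertPolicyMessageID = Status.MessageID;
            FoxEventLog.WriteEventLog("Got unsinged certificate (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + " " + CN + ")", System.Diagnostics.EventLogEntryType.Warning);
        }
        else
        {
            FilesystemData.InstallCertificate(cerData);
        }
    }
}

/// <summary>
/// Installs every policy in the list that is not stored yet (after fetching it and verifying
/// it with <c>ApplicationCertificate.Verify</c>), updates the order of the ones already stored
/// and deletes stored policies that are not in the list or could not be applied.
/// </summary>
private static void ApplyPolicies(Network net, List<PolicyObjectSigned> policies)
{
    HashSet<Int64> ProcessedPolicies = new HashSet<Int64>();

    foreach (PolicyObjectSigned obj in policies)
    {
        if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
        {
            // Already stored: only its position may have changed.
            ProcessedPolicies.Add(obj.Policy.ID);
            FilesystemData.UpdatePolicyOrder(obj.Policy, obj.Policy.Order);
            continue;
        }

        PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
        if (objj == null)
        {
            FoxEventLog.WriteEventLog("No data for policy - not applying (Policy ID=" + obj.Policy.ID.ToString() + " Name=" + obj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }
        if (ApplicationCertificate.Verify(objj) == false)
        {
            FoxEventLog.WriteEventLog("Policy was tampered - not applying (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
            continue;
        }
        if (FilesystemData.InstallPolicy(objj.Policy, obj.Policy.Order) == false)
        {
            continue;
        }
        ProcessedPolicies.Add(obj.Policy.ID);
    }

    // Whatever is stored locally but was not processed above is no longer wanted.
    List<LoadedPolicyObject> RemovePol = new List<LoadedPolicyObject>();
    foreach (LoadedPolicyObject lobj in FilesystemData.LoadedPolicyObjects)
    {
        if (ProcessedPolicies.Contains(lobj.PolicyObject.ID) == false)
        {
            RemovePol.Add(lobj);
        }
    }
    foreach (LoadedPolicyObject lobj in RemovePol)
    {
        FilesystemData.DeletePolicy(lobj);
    }
}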
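/// <summary>
/// Rebuilds <c>LoadedCertificates</c> from the "CertificateNN.cer" / "CertificateNN.sign" pairs
/// (NN = 01..99) in the "Certificates" folder under ProgramData, creating the folder when it is
/// missing. A slot is loaded only when both files exist, neither exceeds 5 MB, the signature
/// matches the certificate (<c>ApplicationCertificate.Verify</c>) and the certificate is not
/// already loaded from another slot; in every other case the file(s) are deleted and a warning
/// is written to the event log.
/// </summary>
/// <param name="Shutup">When <c>true</c>, the per-certificate "loaded" information entry is not written.</param>
/// <returns>Always <c>true</c>.</returns>
public static bool LoadCertificates(bool Shutup = false)
{
    const long MaxFileLength = 5242880; // 5 MB, applies to the .cer and the .sign file alike

    LoadedCertificates = new List<FilesystemCertificateData>();
    string CertFolder = SystemInfos.ProgramData + "Certificates\\";
    if (Directory.Exists(CertFolder) == false)
    {
        Directory.CreateDirectory(CertFolder);
    }

    for (int i = 1; i < 100; i++)
    {
        string CerName = "Certificate" + i.ToString("00") + ".cer";
        string SignName = "Certificate" + i.ToString("00") + ".sign";
        string CerPath = CertFolder + CerName;
        string SignPath = CertFolder + SignName;

        if (File.Exists(CerPath) == false)
        {
            // A signature without its certificate is useless.
            if (File.Exists(SignPath) == true)
            {
                FoxEventLog.WriteEventLog("Found lonely file \"" + SignName + "\" - deleting the file", System.Diagnostics.EventLogEntryType.Warning);
                File.Delete(SignPath);
            }
            continue;
        }

        if (File.Exists(SignPath) == false)
        {
            FoxEventLog.WriteEventLog("Found \"" + CerName + "\" but no signature - deleting the file", System.Diagnostics.EventLogEntryType.Warning);
            File.Delete(CerPath);
            continue;
        }

        // Sizes are checked before anything is read, so an oversized file never reaches memory.
        if (new FileInfo(CerPath).Length > MaxFileLength)
        {
            FoxEventLog.WriteEventLog("File \"" + CerName + "\" too large (>5MB) - deleting the files", System.Diagnostics.EventLogEntryType.Warning);
            DeleteCertificatePair(CerPath, SignPath);
            continue;
        }
        if (new FileInfo(SignPath).Length > MaxFileLength)
        {
            FoxEventLog.WriteEventLog("File \"" + SignName + "\" too large (>5MB) - deleting the files", System.Diagnostics.EventLogEntryType.Warning);
            DeleteCertificatePair(CerPath, SignPath);
            continue;
        }

        byte[] cert = File.ReadAllBytes(CerPath);
        byte[] sign = File.ReadAllBytes(SignPath);
        if (ApplicationCertificate.Verify(cert, sign) == false)
        {
            FoxEventLog.WriteEventLog("File \"" + CerName + "\" and \"" + SignName + "\" do not match - deleting the files", System.Diagnostics.EventLogEntryType.Warning);
            DeleteCertificatePair(CerPath, SignPath);
            continue;
        }
        if (ContainsLoadedCert(cert) == true)
        {
            FoxEventLog.WriteEventLog("File \"" + CerName + "\" this certificate is already loaded from a different file - deleting the files", System.Diagnostics.EventLogEntryType.Warning);
            DeleteCertificatePair(CerPath, SignPath);
            continue;
        }

        Debug.WriteLine(CerPath + " loaded");
        FilesystemCertificateData fscer = new FilesystemCertificateData();
        fscer.FSFilename = CerName;
        fscer.Certificate = cert;
        LoadedCertificates.Add(fscer);
        if (Shutup == false)
        {
            FoxEventLog.WriteEventLog("Certificate " + Certificates.GetCN(cert) + " loaded", System.Diagnostics.EventLogEntryType.Information);
        }
    }
    return (true);
}

/// <summary>
/// Deletes a certificate file together with its signature file.
/// </summary>
/// <param name="cerPath">Full path of the ".cer" file.</param>
/// <param name="signPath">Full path of the matching ".sign" file.</param>
private static void DeleteCertificatePair(string cerPath, string signPath)
{
    File.Delete(cerPath);
    File.Delete(signPath);
}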