/// <summary> /// GetUser method implementation /// </summary> public MFAWebAuthNUser GetUser(int challengesize, string username) { MFAWebAuthNUser result = new MFAWebAuthNUser() { Id = CheckSumEncoding.EncodeUserID(challengesize, username), Name = username, DisplayName = username }; return(result); }
/// <summary> /// CreateCertificate method implmentation /// </summary> public override X509Certificate2 CreateCertificate(string upn, int validity, bool generatepassword = false) { string pass = string.Empty; string strcert = string.Empty; if (generatepassword) { pass = CheckSumEncoding.CheckSumAsString(upn); } return(Certs.CreateRSAEncryptionCertificateForUser(upn.ToLower(), validity, pass)); }
/// <summary> /// GenerateKey method /// </summary> private byte[] GenerateKey(string username) { byte[] text = CheckSumEncoding.CheckSum(username); byte[] buffer = new byte[128 + text.Length]; RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider(); cryptoRandomDataGenerator.GetBytes(buffer, 0, 128); Buffer.BlockCopy(text, 0, buffer, 128, text.Length); return(buffer); }
/// <summary> /// ValidateKey method implmentation /// </summary> public override bool ValidateKey(string upn) { if (string.IsNullOrEmpty(upn)) { return(false); } string lupn = upn.ToLower(); string key = ReadKey(lupn); if (string.IsNullOrEmpty(key)) { return(false); } if (HasStorageInfos(key)) { using (var prov = new RSAEncryption(_xorsecret)) { byte[] crypted = StripStorageInfos(key); if (crypted == null) { return(false); } prov.Certificate = KeysStorage.GetUserCertificate(lupn, true); byte[] cleared = prov.Decrypt(crypted, lupn); if (cleared == null) { return(false); // Key corrupted } if (prov.CheckSum == null) { return(false); // Key corrupted } if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn))) { return(true); // OK RSA } else { return(false); // Key corrupted } } } else { return(false); } }
/// <summary> /// ValidateKey method implmentation /// </summary> public override bool ValidateKey(string upn) { if (string.IsNullOrEmpty(upn)) { return(false); } string lupn = upn.ToLower(); string key = ReadKey(lupn); if (string.IsNullOrEmpty(key)) { return(false); } if (HasStorageInfos(key)) { using (var prov = new AES256Encryption(XORSecret, KeySize)) { byte[] crypted = StripStorageInfos(key); if (crypted == null) { return(false); } byte[] cleared = prov.GetDecryptedKey(crypted, lupn); if (cleared == null) { return(false); // Key corrupted } if (prov.CheckSum == null) { return(false); // Key corrupted } if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn))) { return(true); // OK } else { return(false); // Key corrupted } } } else { return(false); } }
/// <summary> /// ValidateKeyV1 method implmentation /// </summary> public override bool ValidateKey(string upn) { if (string.IsNullOrEmpty(upn)) { return(false); } string lupn = upn.ToLower(); string key = ReadKey(lupn); if (HasKeyPrefix(key)) { using (var prov = new Encryption(_xorsecret)) { string xkey = StripKeyPrefix(key); byte[] crypted = System.Convert.FromBase64CharArray(xkey.ToCharArray(), 0, xkey.Length); if (crypted == null) { return(false); } prov.Certificate = KeysStorage.GetUserCertificate(lupn, false); byte[] cleared = prov.Decrypt(crypted, lupn); if (cleared == null) { return(false); // Key corrupted } if (prov.CheckSum == null) { return(false); // Key corrupted } if (prov.CheckSum.SequenceEqual(CheckSumEncoding.CheckSum(lupn))) { return(true); // OK RSA } else { return(false); // Key corrupted } } } else { return(false); } }
/// <summary> /// Decrypt method /// </summary> public override byte[] Decrypt(byte[] encryptedBytes, string username) { try { if (Certificate == null) { throw new Exception("Invalid decryption certificate !"); } byte[] decryptedBytes = null; var key = Certificate.GetRSAPrivateKey(); if (key == null) { throw new CryptographicException("Invalid private Key !"); } if (key is RSACng) { decryptedBytes = ((RSACng)key).Decrypt(encryptedBytes, RSAEncryptionPadding.OaepSHA256); } else { decryptedBytes = ((RSACryptoServiceProvider)key).Decrypt(encryptedBytes, true); } MemoryStream mem = new MemoryStream(decryptedBytes); string decryptedvalue = DeserializeFromStream(mem); int l = Convert.ToInt32(decryptedvalue.Substring(32, 3)); string outval = decryptedvalue.Substring(35, l); byte[] bytes = new byte[outval.Length * sizeof(char)]; Buffer.BlockCopy(outval.ToCharArray(), 0, bytes, 0, bytes.Length); this.CheckSum = CheckSumEncoding.CheckSum(outval); return(bytes); } catch (System.Security.Cryptography.CryptographicException ce) { Log.WriteEntry(string.Format("Crytograpphic Error for user {0} \r {1}", ce.Message, username), System.Diagnostics.EventLogEntryType.Error, 0000); return(null); } catch (Exception ex) { Log.WriteEntry(string.Format("Crytograpphic Error for user {0} \r {1}", ex.Message, username), System.Diagnostics.EventLogEntryType.Error, 0000); return(null); } }
/// <summary> /// ProbeKey method implmentation /// </summary> public override byte[] ProbeKey(string upn) { if (string.IsNullOrEmpty(upn)) { return(null); } string lupn = upn.ToLower(); string key = ReadKey(lupn); if (string.IsNullOrEmpty(key)) { return(null); } byte[] probed = null; using (var prov = new RSAEncryption(XORSecret)) { byte[] crypted = StripStorageInfos(key); if (crypted == null) { return(null); } string pass = CheckSumEncoding.CheckSumAsString(lupn); prov.Certificate = KeysStorage.GetUserCertificate(lupn, pass); probed = prov.GetDecryptedKey(crypted, lupn); if (probed == null) { return(null); } } if (probed.Length > MAX_PROBE_LEN) { byte[] buffer = new byte[MAX_PROBE_LEN]; Buffer.BlockCopy(probed, 0, buffer, 0, MAX_PROBE_LEN); return(buffer); } else { return(probed); } }
/// <summary> /// GetUserCertificate method implmentation /// </summary> public override X509Certificate2 GetUserCertificate(string upn, bool generatepassword = false) { string pass = string.Empty; if (generatepassword) { pass = CheckSumEncoding.CheckSumAsString(upn); } string request = "SELECT CERTIFICATE FROM KEYS WHERE UPN=@UPN"; SqlConnection con = new SqlConnection(_connectionstring); SqlCommand sql = new SqlCommand(request, con); SqlParameter prm = new SqlParameter("@UPN", SqlDbType.VarChar); sql.Parameters.Add(prm); prm.Value = upn.ToLower(); con.Open(); try { SqlDataReader rd = sql.ExecuteReader(); if (rd.Read()) { string strcert = rd.GetString(0); return(new X509Certificate2(Convert.FromBase64String(strcert), pass, X509KeyStorageFlags.Exportable)); // | X509KeyStorageFlags.PersistKeySet); } else { return(null); } } catch (Exception ex) { DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000); throw new Exception(ex.Message); } finally { con.Close(); } }
/// <summary> /// NewKey method implementation /// </summary> public override string NewKey(string upn) { if (string.IsNullOrEmpty(upn)) { return(null); } string lupn = upn.ToLower(); byte[] crypted = null; using (var prov = new RSAEncryption(XORSecret)) { string pass = CheckSumEncoding.CheckSumAsString(lupn); prov.Certificate = KeysStorage.CreateCertificate(lupn, pass, Validity); crypted = prov.NewEncryptedKey(lupn); if (crypted == null) { return(null); } string outkey = AddStorageInfos(crypted); return(KeysStorage.NewUserKey(lupn, outkey, prov.Certificate)); } }
/// <summary> /// DoUpdateUserCertificate method implementation /// </summary> private void DoUpdateUserCertificate(string upn, X509Certificate2 cert) { try { List <MFAUserKeys> _lst = _mfakeysusers.GetData(); _lst.Where(s => s.UserName.ToLower().Equals(upn.ToLower())).ToList() .ForEach(s => { s.UserCertificate = Convert.ToBase64String(cert.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn))); cert.Reset(); }); _mfakeysusers.SetData(_lst); } catch (Exception ex) { DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000); throw new Exception(ex.Message); } return; }
/// <summary> /// DoInsertUserCertificate method implementation /// </summary> private void DoInsertUserCertificate(string upn, X509Certificate2 cert) { List <MFAUserKeys> _lst = _mfakeysusers.GetData(); try { MFAUserKeys _itm = new MFAUserKeys() { UserName = upn.ToLower(), UserKey = string.Empty, UserCertificate = Convert.ToBase64String(cert.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn))) }; cert.Reset(); _lst.Add(_itm); _mfakeysusers.SetData(_lst); } catch (Exception ex) { DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000); throw new Exception(ex.Message); } }
/// <summary> /// UpdateStoredKey method implementation /// </summary> private string DoUpdateUserKey(string upn, string secretkey, X509Certificate2 certificate) { string request = "UPDATE KEYS SET SECRETKEY = @SECRETKEY, CERTIFICATE = @CERTIFICATE WHERE UPN=@UPN"; SqlConnection con = new SqlConnection(_connectionstring); SqlCommand sql = new SqlCommand(request, con); SqlParameter pupn = new SqlParameter("@UPN", SqlDbType.VarChar); sql.Parameters.Add(pupn); pupn.Value = upn.ToLower(); SqlParameter psecret = new SqlParameter("@SECRETKEY", SqlDbType.VarChar, 8000); sql.Parameters.Add(psecret); psecret.Value = secretkey; SqlParameter pcert = new SqlParameter("@CERTIFICATE", SqlDbType.VarChar, 8000); sql.Parameters.Add(pcert); pcert.Value = Convert.ToBase64String(certificate.Export(X509ContentType.Pfx, CheckSumEncoding.CheckSumAsString(upn))); con.Open(); try { int res = sql.ExecuteNonQuery(); } catch (Exception ex) { DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000); throw new Exception(ex.Message); } finally { certificate.Reset(); con.Close(); } return(secretkey); }