Esempio n. 1
0
 protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
 {
     foreach (HealthcheckCertificateData data in healthcheckData.TrustedCertificates)
     {
         X509Certificate2 cert = new X509Certificate2(data.Certificate);
         RSA key = null;
         try
         {
             key = cert.PublicKey.Key as RSA;
         }
         catch (Exception)
         {
             Trace.WriteLine("Non RSA key detected in certificate");
         }
         if (key != null)
         {
             RSAParameters rsaparams = key.ExportParameters(false);
             if (ROCAVulnerabilityTester.IsVulnerable(rsaparams))
             {
                 AddRawDetail(data.Source, cert.Subject, cert.NotAfter.ToString("u"));
             }
         }
     }
     return(null);
 }
 protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
 {
     foreach (HealthcheckCertificateData data in healthcheckData.TrustedCertificates)
     {
         X509Certificate2 cert = new X509Certificate2(data.Certificate);
         RSA key = null;
         try
         {
             key = cert.PublicKey.Key as RSA;
         }
         catch (Exception)
         {
             Trace.WriteLine("Non RSA key detected in certificate");
         }
         if (key != null)
         {
             RSAParameters rsaparams = key.ExportParameters(false);
             if (ROCAVulnerabilityTester.IsVulnerable(rsaparams))
             {
                 AddRawDetail(data.Source, cert.Subject, cert.NotAfter.ToString("u"));
             }
         }
     }
     if (healthcheckData.DomainControllers != null)
     {
         foreach (var dc in healthcheckData.DomainControllers)
         {
             if (dc.LDAPCertificate != null && dc.LDAPCertificate.Length > 0)
             {
                 X509Certificate2 cert = null;
                 RSA key = null;
                 try
                 {
                     cert = new X509Certificate2(dc.LDAPCertificate);
                     key  = cert.PublicKey.Key as RSA;
                 }
                 catch (Exception)
                 {
                     Trace.WriteLine("Non RSA key detected in certificate");
                 }
                 if (key != null)
                 {
                     RSAParameters rsaparams = key.ExportParameters(false);
                     if (ROCAVulnerabilityTester.IsVulnerable(rsaparams))
                     {
                         AddRawDetail("DC " + dc.DCName, cert.Subject, cert.NotAfter.ToString("u"));
                     }
                 }
             }
         }
     }
     if (healthcheckData.GPOWSUS != null)
     {
         var WSUSCache = new List <string>();
         foreach (var wsus in healthcheckData.GPOWSUS)
         {
             if (wsus.WSUSserverCertificate != null && wsus.WSUSserverCertificate.Length > 0 &&
                 !string.IsNullOrEmpty(wsus.WSUSserver) && !WSUSCache.Contains(wsus.WSUSserver))
             {
                 WSUSCache.Add(wsus.WSUSserver);
                 X509Certificate2 cert = null;
                 RSA key = null;
                 try
                 {
                     cert = new X509Certificate2(wsus.WSUSserverCertificate);
                     key  = cert.PublicKey.Key as RSA;
                 }
                 catch (Exception)
                 {
                     Trace.WriteLine("Non RSA key detected in certificate");
                 }
                 if (key != null)
                 {
                     RSAParameters rsaparams = key.ExportParameters(false);
                     if (ROCAVulnerabilityTester.IsVulnerable(rsaparams))
                     {
                         AddRawDetail("WSUS " + wsus.WSUSserver, cert.Subject, cert.NotAfter.ToString("u"));
                     }
                 }
             }
             if (wsus.WSUSserverAlternateCertificate != null && wsus.WSUSserverAlternateCertificate.Length > 0 &&
                 !string.IsNullOrEmpty(wsus.WSUSserverAlternate) && !WSUSCache.Contains(wsus.WSUSserverAlternate))
             {
                 WSUSCache.Add(wsus.WSUSserverAlternate);
                 X509Certificate2 cert = null;
                 RSA key = null;
                 try
                 {
                     cert = new X509Certificate2(wsus.WSUSserverAlternateCertificate);
                     key  = cert.PublicKey.Key as RSA;
                 }
                 catch (Exception)
                 {
                     Trace.WriteLine("Non RSA key detected in certificate");
                 }
                 if (key != null)
                 {
                     RSAParameters rsaparams = key.ExportParameters(false);
                     if (ROCAVulnerabilityTester.IsVulnerable(rsaparams))
                     {
                         AddRawDetail("WSUS " + wsus.WSUSserverAlternate, cert.Subject, cert.NotAfter.ToString("u"));
                     }
                 }
             }
         }
     }
     return(null);
 }