Esempio n. 1
0
        /// <summary>
        /// encrypt the stream asymmetrically using the encryption information
        /// of specific security profile in the configuration file
        /// </summary>
        /// <param name="data">stream data</param>
        /// <param name="profile">security profile name</param>
        /// <param name="key">output parameter for generated secret key</param>
        /// <param name="iv">output parameter for generated iv</param>
        /// <param name="signature">out parameters for the digital signature</param>
        /// <returns>stream data</returns>
        public static Stream Encrypt(Stream data, string profile, out byte[] key, out byte[] iv, out byte[] signature)
        {
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            CryptographyConfiguration cc = cm.CryptographyConfig;
            //retrieve the security profile information from the configuration file
            XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
            bool    symmetric  = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);

            ICryptoTransform         encryptor = null;
            RSACryptoServiceProvider provider  = null;

            if (symmetric != false)
            {
                throw new System.Exception("This method id not intended for symmetric  encryption");
            }

            provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile);
            //retireve the sneder and receiver's certification information for encryption
            string senderCert         = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText;
            string sendCertStore      = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value;
            string receiverCert       = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText;
            string receiverCertStore  = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value;
            string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText;

            //obtain the X509 certificate object for the sender and receiver
            X509Certificate senderCertificate   = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert);
            X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert);

            //receive the sender's private key and receiver's public key for encryption
            RSAParameters sender_privateKey  = senderCertificate.Key.ExportParameters(true);
            RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false);

            SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm);

            encryptor = symmProvider.CreateEncryptor();

            CryptoStream encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read);
            MemoryStream encrypted = new MemoryStream();

            byte[] buffer = new byte[1024];
            int    count  = 0;

            while ((count = encStream.Read(buffer, 0, 1024)) > 0)
            {
                encrypted.Write(buffer, 0, count);
            }
            //encrypt the screte key, iv key using receiver's public key
            //that are used to decrypt the data
            provider.ImportParameters(receiver_publicKey);

            key = provider.Encrypt(symmProvider.Key, false);
            iv  = provider.Encrypt(symmProvider.IV, false);

            //sign the data with sender's private key
            provider.ImportParameters(sender_privateKey);
            signature          = provider.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider());
            encrypted.Position = 0;
            return((Stream)encrypted);
        }
Esempio n. 2
0
        /// <summary>
        /// constructor takes the SAFIdentity as its parameter.
        /// </summary>
        /// <param name="sid">SAFIdentity object which contain the identity and appplication name information</param>
        public SAFPrincipal(SAFIdentity sid)
        {
            //retrieve the authentication configuraiton from the configuraiton file
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            AuthenticationConfiguration            ac = cm.AuthenticationConfig;

            //set identity object and the SAFUser property
            identity = sid;
            safUser  = ac.GetSAFUserName(sid.Name, sid.ApplicationName);
            //set the application inforamtion of the SAFPrincipal
            SetApplication(sid.ApplicationName);
        }
Esempio n. 3
0
        /// <summary>
        /// SetApplication will change the application context of principal object
        /// so that principal object represents the user membership information of
        /// a given application
        /// </summary>
        /// <param name="application">name of the application for which SAFPrincipal will switch the its membership information.</param>
        public void SetApplication(string application)
        {
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            AuthenticationConfiguration            ac = cm.AuthenticationConfig;
            //retrieve the type informatioin for the principal object of a given applicaiton
            string      typeName    = ac.GetPrincipalTypeForApplication(application);
            string      appUserName = cm.AuthenticationConfig.GetIdentityForApplicaiton(safUser, application);
            SAFIdentity safIdentity = new SAFIdentity(appUserName, application);
            Type        type        = Type.GetType(typeName);

            object[] parameters = new object[1] {
                safIdentity
            };
            //set the new object to the internal principal object.
            currentApplicationPrincipal = (IPrincipal)Activator.CreateInstance(type, parameters);
            identity = (IIdentity)safIdentity;
        }
Esempio n. 4
0
        /// <summary>
        /// Demand method is called at runtime when a caller is trying to access
        /// resource that is marked with SAFSecurityAttribute.
        /// </summary>
        public void Demand()
        {
            //obtain the information about the denied and allowed roles
            //information from configuraiton file

            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            AuthorizationConfiguration             ac = cm.AuthorizationConfig;

            string[] allowedRoles = ac.AllowedRoles(Name);
            string[] deniedRoles  = ac.DeniedRoles(Name);

            //create the IAuthorizationProvider object which is responsible
            //for verify if the call is permitted or denied based on the
            //allowed role and denied role information.
            IAuthorizationProvider ap = (IAuthorizationProvider)ac.GetAuthorizationProvider(Name);

            ap.Authorize(allowedRoles, deniedRoles);
        }
Esempio n. 5
0
        /// <summary>
        /// encrypt the stream symmetrically using the security profile
        /// information stored in the configuration file
        /// </summary>
        /// <param name="data">stream data</param>
        /// <param name="profile">profile name</param>
        /// <returns>stream data</returns>
        public static Stream Encrypt(Stream data, string profile)
        {
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            CryptographyConfiguration cc = cm.CryptographyConfig;
            //retrieve security profile information
            XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
            bool    symmetric  = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);

            ICryptoTransform   encryptor = null;
            SymmetricAlgorithm provider  = null;

            if (symmetric != true)
            {
                throw new System.Exception("This method id not intended for asymmetric  encryption");
            }

            //retrive the secret key and iv information
            provider = cc.GetSymmetricAlgorithmProvider(profile);
            string key = cryptoInfo.SelectSingleNode("SecretKey").InnerText;
            string iv  = cryptoInfo.SelectSingleNode("IV").InnerText;

            provider.Key = Encoding.Default.GetBytes(key);
            provider.IV  = Encoding.Default.GetBytes(iv);

            encryptor = provider.CreateEncryptor();
            MemoryStream encrypted = new MemoryStream();
            //encrypt the stream symmetrically
            CryptoStream encStream = new CryptoStream(encrypted, encryptor, CryptoStreamMode.Write);

            byte[] buffer = new byte[1024];
            int    count  = 0;

            while ((count = data.Read(buffer, 0, 1024)) > 0)
            {
                encStream.Write(buffer, 0, count);
            }
            encStream.FlushFinalBlock();
            encrypted.Position = 0;
            return((Stream)encrypted);
        }
Esempio n. 6
0
        /// <summary>
        /// decrypt the stream data symmetrically using the security profile
        /// information stored in the configuration file
        /// </summary>
        /// <param name="data">stream data</param>
        /// <param name="profile">security profile name</param>
        /// <returns>decrypted stream</returns>
        public static Stream Decrypt(Stream data, string profile)
        {
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            CryptographyConfiguration cc = cm.CryptographyConfig;
            //retrieve the security profile information for configuration file
            XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
            bool    symmetric  = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);

            ICryptoTransform   decryptor = null;
            SymmetricAlgorithm provider  = null;

            if (symmetric != true)
            {
                throw new System.Exception("This method id not intended for asymmetric  encryption");
            }
            //retrieve the secret key and iv from the configuration file
            provider = cc.GetSymmetricAlgorithmProvider(profile);
            string key = cryptoInfo.SelectSingleNode("SecretKey").InnerText;
            string iv  = cryptoInfo.SelectSingleNode("IV").InnerText;

            provider.Key = Encoding.Default.GetBytes(key);
            provider.IV  = Encoding.Default.GetBytes(iv);
            decryptor    = provider.CreateDecryptor();
            //decrypt the stream
            CryptoStream decStream = new CryptoStream(data, decryptor, CryptoStreamMode.Read);
            MemoryStream decrypted = new MemoryStream();

            byte[] buffer = new byte[2048];
            int    count  = 0;

            while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0)
            {
                decrypted.Write(buffer, 0, count);
            }

            decrypted.Position = 0;
            return((Stream)decrypted);
        }
Esempio n. 7
0
        /// <summary>
        /// Called by the client to get an instance of the factory class
        /// </summary>
        /// <param name="factoryName">factory name</param>
        /// <returns>class factory object</returns>
        public static object GetFactory(string factoryName)
        {
            object factory = null;

            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            ClassFactoryConfiguration cf = cm.ClassFactoryConfig;
            XmlNode classFactoryData     = cf.GetFactoryData(factoryName);

            //obtain the type information
            string type = classFactoryData.Attributes["type"].Value;
            Type   t    = System.Type.GetType(type);

            //creat an instance of concrete class factory
            if (classFactoryData.Attributes["location"] != null)
            {
                string location = classFactoryData.Attributes["location"].Value;
                factory = Activator.GetObject(t, location);
            }
            else
            {
                factory = Activator.CreateInstance(t, null);
            }
            return(factory);
        }
Esempio n. 8
0
        /// <summary>
        /// decrypt the stream data asymmetrically using the security profile
        /// information stored in the configuration file
        /// </summary>
        /// <param name="data">encrypted stream data</param>
        /// <param name="profile">security profile name</param>
        /// <param name="key">generated key</param>
        /// <param name="iv">generated iv</param>
        /// <param name="signature">generated signature</param>
        /// <returns>decrypted stream</returns>
        public static Stream Decrypt(Stream data, string profile, byte[] key, byte[] iv, byte[] signature)
        {
            SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
            CryptographyConfiguration cc = cm.CryptographyConfig;
            //retrieve the security profile information
            XmlNode                  cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
            bool                     symmetric  = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);
            ICryptoTransform         decryptor  = null;
            RSACryptoServiceProvider provider   = null;

            if (symmetric != false)
            {
                throw new System.Exception("This method id not intended for symmetric  encryption");
            }

            provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile);
            //retrieve the sender and receiver's certification information for decryption
            string senderCert         = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText;
            string sendCertStore      = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value;
            string receiverCert       = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText;
            string receiverCertStore  = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value;
            string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText;

            //obtain X509 certification object
            X509Certificate senderCertificate   = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert);
            X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert);

            //retrieve the sender's private key and receiver's public
            RSAParameters sender_privateKey  = senderCertificate.Key.ExportParameters(true);
            RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false);

            //import the public key information to verify the data
            provider.ImportParameters(receiver_publicKey);

            MemoryStream ms = new MemoryStream();

            byte[] buffer = new Byte[1024];
            int    count  = 0;

            while ((count = data.Read(buffer, 0, buffer.Length)) > 0)
            {
                ms.Write(buffer, 0, count);
            }

            byte[] encryptedData = ms.ToArray();
            //data.Position = 0 ;
            //data.Read(encryptedData,0,encryptedData.Length);
            //verify if the data has been tempered with
            bool v = provider.VerifyData(encryptedData, new SHA1CryptoServiceProvider(), signature);

            if (v == false)
            {
                throw new CryptographicException();
            }
            //import the private key information to decrypt data
            provider.ImportParameters(sender_privateKey);
            //decrypt the secret key and iv
            byte[] decryptedkey = provider.Decrypt(key, false);
            byte[] decryptediv  = provider.Decrypt(iv, false);

            SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm);

            symmProvider.Key = decryptedkey;
            symmProvider.IV  = decryptediv;
            decryptor        = symmProvider.CreateDecryptor();
            ms.Position      = 0;
            //decrypt the stream
            CryptoStream decStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
            MemoryStream decrypted = new MemoryStream();

            count = 0;
            while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0)
            {
                decrypted.Write(buffer, 0, count);
            }
            decrypted.Position = 0;
            return((Stream)decrypted);
        }