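        /// <summary>
        /// Wipes the local provisioning state so the client can be provisioned again: removes the
        /// device and intermediate certificates from the certificate stores, marks the provision
        /// status as reset and clears the stored settings, including the DPAPI-protected symmetric
        /// key and the entropy it was protected with.
        /// </summary>
        /// <param name="type">
        /// Reset type. "Full" (ordinal comparison) additionally rotates the installation id and
        /// deletes the policy history, user tracking and application monitor data. Any other value,
        /// including null, performs a standard reset.
        /// </param>
        /// <returns>Always true; failures inside the called services are not surfaced here.</returns>
        public bool HardReset(string type)
        {
            Logger.Info("Resetting Toec: " + type);

            // Decide once; null-safe so a missing type degrades to a standard reset instead of throwing.
            var fullReset = string.Equals(type, "Full", StringComparison.Ordinal);

            ServiceCertificate.DeleteAllDeviceCertificates();
            ServiceCertificate.DeleteIntermediate();

            var serviceSetting  = new ServiceSetting();
            var provisionStatus = serviceSetting.GetSetting("provision_status");

            // "0" is the stored reset marker the image-prep routines check for.
            provisionStatus.Value = "0";
            serviceSetting.UpdateSettingValue(provisionStatus);

            if (fullReset)
            {
                // A full reset gives the machine a brand-new installation identity.
                var installationId = serviceSetting.GetSetting("installation_id");
                installationId.Value = Guid.NewGuid().ToString();
                serviceSetting.UpdateSettingValue(installationId);
            }

            // Every credential-bearing setting is cleared, in the same order as before.
            var settingsToClear = new[]
            {
                "encryption_key",
                "entropy",
                "computer_identifier",
                "device_thumbprint",
                "intermediate_thumbprint"
            };

            foreach (var settingName in settingsToClear)
            {
                var setting = serviceSetting.GetSetting(settingName);
                setting.Value = null;
                serviceSetting.UpdateSettingValue(setting);
            }

            if (fullReset)
            {
                new PolicyHistoryServices().DeleteAll();
                new ServiceUserTracker().DeleteAll();
                new ServiceAppMonitor().DeleteAll();
            }

            Logger.Info("Resetting Toec Finished");
            return(true);
        }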
        /// <summary>
        /// Provisioning stage 3: asks the server to confirm the pending provision request by
        /// presenting the installed device certificate, then records the resulting status.
        /// On a successful confirmation the com-server list is refreshed, and if the image-prep
        /// marker file exists the client is also added to the server's first-run group.
        /// </summary>
        /// <returns>
        /// NotStarted when no device thumbprint is stored (stage 2 did not finish), Error when the
        /// certificate is missing from the store or the API returned nothing, the server's own
        /// status when it is anything but Provisioned, otherwise Provisioned.
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage3()
        {
            var thumbprintSetting = _serviceSetting.GetSetting("device_thumbprint");
            if (string.IsNullOrEmpty(thumbprintSetting.Value))
            {
                // No thumbprint means stage 2 never persisted a device certificate.
                return EnumProvisionStatus.Status.NotStarted;
            }

            var certificate = ServiceCertificate.GetCertificateFromStore(thumbprintSetting.Value, StoreName.My);
            if (certificate == null)
            {
                return EnumProvisionStatus.Status.Error;
            }

            var request = new DtoConfirmProvisionRequest
            {
                Name       = DtoGobalSettings.ClientIdentity.Name,
                Guid       = _serviceSetting.GetSetting("computer_identifier").Value,
                DeviceCert = Convert.ToBase64String(certificate.RawData)
            };

            var result = new APICall().ProvisionApi.ConfirmProvisionRequest(request);
            if (result == null)
            {
                return EnumProvisionStatus.Status.Error;
            }
            if (result.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
            {
                return result.ProvisionStatus;
            }

            UpdateComServers(result.ComServers);

            var statusSetting = _serviceSetting.GetSetting("provision_status");
            statusSetting.Value = Convert.ToInt16(result.ProvisionStatus).ToString();
            _serviceSetting.UpdateSettingValue(statusSetting);

            // A freshly imaged machine leaves this marker behind; join the first-run group when present.
            var imagePrepMarker = $"{Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)}\\Toec\\image_prepped";
            if (File.Exists(imagePrepMarker))
            {
                Logger.Debug("Found Image Prep File, Adding to First Run Group");
                new APICall().PolicyApi.AddToFirstRunGroup();
            }

            return EnumProvisionStatus.Status.Provisioned;
        }
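        /// <summary>
        /// Rotates the symmetric key shared with the server. A new key is generated, sent to the
        /// server alongside the installed device certificate, and only once the server has accepted
        /// it is it stored locally, DPAPI-protected with freshly generated entropy.
        /// </summary>
        /// <returns>
        /// Error when no device thumbprint is stored, the certificate is missing from the store or
        /// the API returned nothing; the server's status when it is anything other than Provisioned;
        /// otherwise Provisioned.
        /// </returns>
        private EnumProvisionStatus.Status RenewSymmKey()
        {
            var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");

            // Same guard as ProvisionStage3: without a thumbprint there is nothing to look up.
            if (string.IsNullOrEmpty(deviceThumbprint.Value))
            {
                Logger.Error("Device Thumbprint Is Not Set.  Cannot Renew Symmetric Key.");
                return(EnumProvisionStatus.Status.Error);
            }

            var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);

            if (deviceCert == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }

            var key = GenerateSymmKey();

            var renewRequest = new DtoRenewKeyRequest();

            renewRequest.Name       = DtoGobalSettings.ClientIdentity.Name;
            renewRequest.Guid       = DtoGobalSettings.ClientIdentity.Guid;
            renewRequest.DeviceCert = Convert.ToBase64String(deviceCert.RawData);
            // NOTE(review): the new key is sent base64-encoded here, unlike ProvisionStage2 which
            // wraps it with the intermediate's public key; confirm the transport protects it.
            renewRequest.SymmKey    = Convert.ToBase64String(key);

            var renewResult = new APICall().ProvisionApi.RenewSymmKey(renewRequest);

            if (renewResult == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }
            if (renewResult.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
            {
                // Nothing is persisted: the local key stays the one the server still knows.
                return(renewResult.ProvisionStatus);
            }

            UpdateComServers(renewResult.ComServers);

            // The entropy is written before the key that depends on it; a crash between the two
            // writes leaves a stored key the new entropy cannot unprotect. TODO confirm the caller
            // recovers from that by re-running renewal.
            var entropy      = _serviceSetting.GetSetting("entropy");
            var entropyBytes = ServiceDP.CreateRandomEntropy();

            entropy.Value = Convert.ToBase64String(entropyBytes);
            _serviceSetting.UpdateSettingValue(entropy);

            var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
            var keySetting   = _serviceSetting.GetSetting("encryption_key");

            keySetting.Value = Convert.ToBase64String(encryptedKey);
            _serviceSetting.UpdateSettingValue(keySetting);
            return(EnumProvisionStatus.Status.Provisioned);
        }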
        /// <summary>
        /// Provisioning stage 3: presents the installed device certificate to the server to confirm
        /// the pending provision request, then persists the confirmed status and refreshes the
        /// com-server list.
        /// </summary>
        /// <returns>
        /// NotStarted when no device thumbprint has been stored yet, Error when the certificate is
        /// not in the store or the API call produced no result, the server's status when it is not
        /// Provisioned, otherwise Provisioned.
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage3()
        {
            var storedThumbprint = _serviceSetting.GetSetting("device_thumbprint").Value;

            // Stage 2 records the thumbprint last; an empty one means it never completed.
            if (string.IsNullOrEmpty(storedThumbprint))
            {
                return EnumProvisionStatus.Status.NotStarted;
            }

            var deviceCertificate = ServiceCertificate.GetCertificateFromStore(storedThumbprint, StoreName.My);
            if (deviceCertificate == null)
            {
                return EnumProvisionStatus.Status.Error;
            }

            var confirmRequest = new DtoConfirmProvisionRequest();
            confirmRequest.Name       = DtoGobalSettings.ClientIdentity.Name;
            confirmRequest.Guid       = _serviceSetting.GetSetting("computer_identifier").Value;
            confirmRequest.DeviceCert = Convert.ToBase64String(deviceCertificate.RawData);

            var confirmation = new APICall().ProvisionApi.ConfirmProvisionRequest(confirmRequest);
            if (confirmation == null)
            {
                return EnumProvisionStatus.Status.Error;
            }

            var serverStatus = confirmation.ProvisionStatus;
            if (serverStatus != EnumProvisionStatus.Status.Provisioned)
            {
                return serverStatus;
            }

            UpdateComServers(confirmation.ComServers);

            var provisionStatusSetting = _serviceSetting.GetSetting("provision_status");
            provisionStatusSetting.Value = Convert.ToInt16(serverStatus).ToString();
            _serviceSetting.UpdateSettingValue(provisionStatusSetting);

            return EnumProvisionStatus.Status.Provisioned;
        }
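        /// <summary>
        /// Provisioning stage 1: downloads the intermediate certificate from the server, validates
        /// it and installs it in the local machine CertificateAuthority store, recording its
        /// thumbprint and the IntermediateInstalled status.
        /// </summary>
        /// <returns>
        /// Error when the API returned nothing, the certificate payload could not be decoded,
        /// failed validation or could not be stored; the server's status when it is anything other
        /// than IntermediateInstalled; otherwise IntermediateInstalled.
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage1()
        {
            var response = new APICall().ProvisionApi.GetIntermediateCert(DtoGobalSettings.ClientIdentity.Name);

            if (response == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }
            if (response.ProvisionStatus != EnumProvisionStatus.Status.IntermediateInstalled)
            {
                Logger.Error(response.Message);
                return(response.ProvisionStatus);
            }

            // The payload comes from the network: a missing or malformed certificate is reported as
            // an Error result like every other failure here rather than escaping as an exception.
            X509Certificate2 intermediateCert;
            try
            {
                var bytes = Convert.FromBase64String(response.Certificate);
                intermediateCert = new X509Certificate2(bytes);
            }
            catch (Exception ex) when (ex is ArgumentException
                                       || ex is FormatException
                                       || ex is System.Security.Cryptography.CryptographicException)
            {
                Logger.Error("Intermediate Certificate Could Not Be Decoded: " + ex.Message);
                return(EnumProvisionStatus.Status.Error);
            }

            // This certificate is about to be trusted as an issuer on this machine; ValidateCert is
            // relied on to check it (presumably including its chain to the pinned CA - confirm).
            if (!ServiceCertificate.ValidateCert(intermediateCert))
            {
                return(EnumProvisionStatus.Status.Error);
            }

            if (!ServiceCertificate.StoreLocalMachine(intermediateCert, StoreName.CertificateAuthority))
            {
                return(EnumProvisionStatus.Status.Error);
            }

            var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
            settingProvisionStatus.Value =
                Convert.ToInt16(EnumProvisionStatus.Status.IntermediateInstalled).ToString();
            _serviceSetting.UpdateSettingValue(settingProvisionStatus);

            // Stage 2 locates the certificate by this thumbprint.
            var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
            intermediateThumbprint.Value = intermediateCert.Thumbprint;
            _serviceSetting.UpdateSettingValue(intermediateThumbprint);

            return(EnumProvisionStatus.Status.IntermediateInstalled);
        }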
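        /// <summary>
        /// Checks that the certificates backing the stored provision status are present and valid
        /// and, once a device certificate exists, that its subject carries the stored computer
        /// identifier.
        /// </summary>
        /// <returns>
        /// true when the stored state is consistent; false when the caller should restart
        /// provisioning. When the CA certificate itself is missing the process exits instead,
        /// because provisioning can never complete without it.
        /// </returns>
        public bool VerifyProvisionStatus()
        {
            Logger.Info("Verifying Client Provision Status");

            var provisionStatusString = _serviceSetting.GetSetting("provision_status");

            // An empty value means provisioning never started; otherwise the stored short is the enum value.
            var provisionStatus = string.IsNullOrEmpty(provisionStatusString.Value)
                ? EnumProvisionStatus.Status.NotStarted
                : (EnumProvisionStatus.Status)Convert.ToInt16(provisionStatusString.Value);

            switch (provisionStatus)
            {
            case EnumProvisionStatus.Status.NotStarted:
                //Computer is not provisioned, verify the CA exists
                var caThumbprint = _serviceSetting.GetSetting("ca_thumbprint");
                var ca           = ServiceCertificate.GetCertificateFromStore(caThumbprint.Value, StoreName.Root);
                if (ca == null)
                {
                    Logger.Error("Certificate Authority Could Not Be Found.  Application Cannot Continue.");
                    //Provisioning can never complete without the correct CA, don't return anything, just exit.
                    System.Threading.Thread.Sleep(10 * 1000);
                    Environment.Exit(1);
                }
                break;

            case EnumProvisionStatus.Status.PendingConfirmation:
            case EnumProvisionStatus.Status.Provisioned:
                var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
                var deviceCert       = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);
                if (deviceCert == null)
                {
                    Logger.Error("Device Certificate Could Not Be Found.  Restarting Provisioning Process.");
                    return(false);
                }
                if (!ServiceCertificate.ValidateCert(deviceCert))
                {
                    return(false);
                }
                var clientIdentity = deviceCert.Subject;
                var expectedId     = _serviceSetting.GetSetting("computer_identifier");
                Logger.Debug("Current Expected Identity: " + expectedId.Value);
                Logger.Debug("Current Identity: " + clientIdentity);
                // An empty expected identifier must not pass: Contains("") is true for every
                // subject, and a null one would throw. Either way the stored identity is unusable.
                if (string.IsNullOrEmpty(expectedId.Value) || !clientIdentity.Contains(expectedId.Value))
                {
                    Logger.Error("The Current Identity Doesn't Match The Expected Identity");
                    return(false);
                }
                break;

            default:
                // Any intermediate stage: the intermediate certificate from stage 1 must still be usable.
                var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
                var intermediate           = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value,
                                                                                        StoreName.CertificateAuthority);
                if (intermediate == null)
                {
                    Logger.Error("Intermediate Certificate Could Not Be Found.  Restarting Provisioning Process.");
                    return(false);
                }
                if (!ServiceCertificate.ValidateCert(intermediate))
                {
                    return(false);
                }
                break;
            }

            Logger.Info("Verification Complete");
            return(true);
        }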
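        /// <summary>
        /// Provisioning stage 2: requests the device certificate from the server. Generates a fresh
        /// symmetric key, wraps it with the intermediate certificate's public key, sends it with the
        /// client identity and basic hardware details, and - when the server answers
        /// PendingConfirmation - decrypts the returned device certificate with that key, installs it
        /// in the local machine "My" store and persists the thumbprint, computer identifier, the
        /// DPAPI-protected key with its entropy, and the new provision status.
        /// </summary>
        /// <returns>
        /// NotStarted when the intermediate certificate from stage 1 is missing; the server's status
        /// when it reports a reset or pending state; Error on a null or undecodable response, an
        /// unexpected status, or when the device certificate could not be stored; otherwise
        /// PendingConfirmation.
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage2()
        {
            var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");

            if (string.IsNullOrEmpty(intermediateThumbprint.Value))
            {
                //assume stage 1 didn't finish
                return(EnumProvisionStatus.Status.NotStarted);
            }
            var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value,
                                                                          StoreName.CertificateAuthority);

            if (intermediate == null)
            {
                return(EnumProvisionStatus.Status.NotStarted);
            }
            var key = GenerateSymmKey();

            var provisionRequest = new DtoProvisionRequest();

            provisionRequest.Name           = DtoGobalSettings.ClientIdentity.Name;
            provisionRequest.AdGuid         = new ServiceAD().GetADGuid(provisionRequest.Name);
            // The symmetric key leaves this host only wrapped with the intermediate's public key.
            provisionRequest.SymmKey        = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key);
            provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId;

            AddHardwareDetails(provisionRequest);

            var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest);

            if (response == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }

            switch (response.ProvisionStatus)
            {
            case EnumProvisionStatus.Status.Reset:
                Logger.Info("Client Reset Approved.  Starting Reset Process.");
                return(EnumProvisionStatus.Status.Reset);
            case EnumProvisionStatus.Status.FullReset:
                Logger.Info("Client Full Reset Requested.  Starting Full Reset Process.");
                return(EnumProvisionStatus.Status.FullReset);
            case EnumProvisionStatus.Status.PendingReset:
                Logger.Info("Client Is Pending Reset Approval.");
                return(EnumProvisionStatus.Status.PendingReset);
            case EnumProvisionStatus.Status.PendingProvisionApproval:
                Logger.Info("Client Is Pending Provisioning Approval");
                return(EnumProvisionStatus.Status.PendingProvisionApproval);
            case EnumProvisionStatus.Status.PendingPreProvision:
                Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It.");
                return(EnumProvisionStatus.Status.PendingPreProvision);
            case EnumProvisionStatus.Status.PendingConfirmation:
                break;
            default:
                return(EnumProvisionStatus.Status.Error);
            }

            // The certificate comes back encrypted under the key we just sent; a missing or
            // malformed payload is an Error result like every other failure here.
            X509Certificate2 deviceCert;
            try
            {
                var byteCert   = Convert.FromBase64String(response.Certificate);
                var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert);
                deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert));
            }
            catch (Exception ex) when (ex is ArgumentException
                                       || ex is FormatException
                                       || ex is System.Security.Cryptography.CryptographicException)
            {
                Logger.Error("Device Certificate Could Not Be Decoded: " + ex.Message);
                return(EnumProvisionStatus.Status.Error);
            }

            // Same outcome as ProvisionStage1 on a store failure: nothing is persisted and the
            // caller sees Error instead of a PendingConfirmation it cannot follow up on.
            if (!ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My))
            {
                Logger.Error("Device Certificate Could Not Be Stored.");
                return(EnumProvisionStatus.Status.Error);
            }

            var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
            deviceThumbprint.Value = deviceCert.Thumbprint;
            _serviceSetting.UpdateSettingValue(deviceThumbprint);

            var computerIdentifier = _serviceSetting.GetSetting("computer_identifier");
            computerIdentifier.Value             = response.ComputerIdentifier;
            DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier;
            _serviceSetting.UpdateSettingValue(computerIdentifier);

            // Entropy first, then the key protected with it (same order as RenewSymmKey).
            var entropy      = _serviceSetting.GetSetting("entropy");
            var entropyBytes = ServiceDP.CreateRandomEntropy();
            entropy.Value = Convert.ToBase64String(entropyBytes);
            _serviceSetting.UpdateSettingValue(entropy);

            var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
            var keySetting   = _serviceSetting.GetSetting("encryption_key");
            keySetting.Value = Convert.ToBase64String(encryptedKey);
            _serviceSetting.UpdateSettingValue(keySetting);

            var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
            settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString();
            _serviceSetting.UpdateSettingValue(settingProvisionStatus);

            return(EnumProvisionStatus.Status.PendingConfirmation);
        }

        /// <summary>
        /// Fills the hardware fields of a provision request from a fresh WMI-style inventory.
        /// Each field is best-effort: inventory sections that are missing or unreadable leave the
        /// field at 0 / empty rather than failing the request.
        /// </summary>
        /// <param name="provisionRequest">Request whose Memory, Processor, SerialNumber, Model and Macs are set.</param>
        private static void AddHardwareDetails(DtoProvisionRequest provisionRequest)
        {
            Logger.Debug("Gathering Hardware Details");
            var inventoryCollection = new DtoInventoryCollection();

            new ComputerSystem().Search(inventoryCollection);
            new Bios().Search(inventoryCollection);
            new Processor().Search(inventoryCollection);
            new Nic().Search(inventoryCollection);

            try
            {
                // Reported in bytes; the request carries megabytes.
                var totalBytes = Convert.ToInt64(inventoryCollection.ComputerSystem.TotalPhysicalMemory);
                provisionRequest.Memory = Convert.ToInt32(totalBytes / 1024 / 1024);
            }
            catch
            {
                provisionRequest.Memory = 0;
            }

            try
            {
                provisionRequest.Processor = inventoryCollection.Processor.Name;
            }
            catch
            {
                provisionRequest.Processor = string.Empty;
            }

            try
            {
                provisionRequest.SerialNumber = inventoryCollection.Bios.SerialNumber;
            }
            catch
            {
                provisionRequest.SerialNumber = string.Empty;
            }

            try
            {
                provisionRequest.Model = inventoryCollection.ComputerSystem.Model;
            }
            catch
            {
                provisionRequest.Model = string.Empty;
            }

            try
            {
                foreach (var nic in inventoryCollection.NetworkAdapters)
                {
                    provisionRequest.Macs.Add(nic.Mac);
                }
            }
            catch
            {
                // No adapters is not an error for provisioning.
            }
        }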
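        /// <summary>
        /// Image-prep reset: when requested by the options, removes the device and intermediate
        /// certificates, clears every identity- and credential-bearing setting (installation id,
        /// DPAPI-protected key and entropy, computer identifier, thumbprints), deletes policy
        /// history, user tracking and app monitor data, and marks the provision status as "0".
        /// Afterwards the status and installation id are re-read and a failure to reset either is
        /// logged.
        /// </summary>
        private void ResetToec()
        {
            if (!_imagePrepOptions.ResetToec)
            {
                return;
            }
            Logger.Info("Resetting Toec");

            ServiceCertificate.DeleteAllDeviceCertificates();
            ServiceCertificate.DeleteIntermediate();

            var serviceSetting = new ServiceSetting();

            // Cleared in this order; an image must not carry any of these into its clones.
            var settingsToClear = new[]
            {
                "installation_id",
                "encryption_key",
                "entropy",
                "computer_identifier",
                "device_thumbprint",
                "intermediate_thumbprint"
            };

            foreach (var settingName in settingsToClear)
            {
                var setting = serviceSetting.GetSetting(settingName);
                setting.Value = null;
                serviceSetting.UpdateSettingValue(setting);
            }

            new PolicyHistoryServices().DeleteAll();
            new ServiceUserTracker().DeleteAll();
            new ServiceAppMonitor().DeleteAll();

            var provisionStatus = serviceSetting.GetSetting("provision_status");

            provisionStatus.Value = "0";
            serviceSetting.UpdateSettingValue(provisionStatus);

            // Re-read both values to confirm the writes took. Either one not being reset is a
            // failure (the original check only fired when both had failed), and a null status
            // must not throw here.
            var updatedStatus = serviceSetting.GetSetting("provision_status");
            var updatedId     = serviceSetting.GetSetting("installation_id");

            var statusReset = string.Equals(updatedStatus.Value, "0", StringComparison.Ordinal);
            var idCleared   = string.IsNullOrEmpty(updatedId.Value);

            if (!statusReset || !idCleared)
            {
                Logger.Error("Prepare Image Failed.  Could Not Reset ID's");
            }

            Logger.Info("Finished Resetting Toec");
        }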
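        /// <summary>
        /// Prepares Toec for imaging: stops the Toec service, waits for in-flight work to settle,
        /// removes the device and intermediate certificates, clears every identity- and
        /// credential-bearing setting (installation id, DPAPI-protected key and entropy, computer
        /// identifier, thumbprints), deletes policy history, user tracking and app monitor data, and
        /// marks the provision status as "0".
        /// </summary>
        /// <returns>
        /// false when the service could not be stopped or the re-read status / installation id show
        /// that the reset did not take; otherwise true.
        /// </returns>
        public bool Run()
        {
            Logger.Info("Preparing Toec For Image: ");
            Logger.Info("Checking Toec Service");
            var servResult = new ServiceSystemService().StopToec();

            if (!servResult)
            {
                Logger.Error("Toec Service Must Be Stopped Before Preparing Image.");
                return(false);
            }

            //Wait another 30 secs for anything to finish
            Logger.Info("Resetting Toec ...");
            System.Threading.Thread.Sleep(30000);

            ServiceCertificate.DeleteAllDeviceCertificates();
            ServiceCertificate.DeleteIntermediate();

            var serviceSetting = new ServiceSetting();

            // Cleared in this order; an image must not carry any of these into its clones.
            var settingsToClear = new[]
            {
                "installation_id",
                "encryption_key",
                "entropy",
                "computer_identifier",
                "device_thumbprint",
                "intermediate_thumbprint"
            };

            foreach (var settingName in settingsToClear)
            {
                var setting = serviceSetting.GetSetting(settingName);
                setting.Value = null;
                serviceSetting.UpdateSettingValue(setting);
            }

            new PolicyHistoryServices().DeleteAll();
            new ServiceUserTracker().DeleteAll();
            new ServiceAppMonitor().DeleteAll();

            var provisionStatus = serviceSetting.GetSetting("provision_status");

            provisionStatus.Value = "0";
            serviceSetting.UpdateSettingValue(provisionStatus);

            // Re-read both values to confirm the writes took. Either one not being reset is a
            // failure (the original check only fired when both had failed), and a null status
            // must not throw here.
            var updatedStatus = serviceSetting.GetSetting("provision_status");
            var updatedId     = serviceSetting.GetSetting("installation_id");

            var statusReset = string.Equals(updatedStatus.Value, "0", StringComparison.Ordinal);
            var idCleared   = string.IsNullOrEmpty(updatedId.Value);

            if (!statusReset || !idCleared)
            {
                Logger.Error("Prepare Image Failed.  Could Not Reset ID's");
                return(false);
            }

            Logger.Info("Toec Prepare Image Finished");
            return(true);
        }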