/// <summary>
/// Sets the protection mode of CONFIRE SHERLOCK
/// </summary>
/// <param name="securityToken">Security token</param>
/// <param name="newMode">New protection mode</param>
/// <exception cref="Exception">if call was not successfull.</exception>
/// <remarks>
/// This change will be effective only after the next reboot of the computer system.
/// </remarks>
public static void SetProtectionMode(string securityToken, ProtectionMode newMode)
{
if (_SetProtectionMode(securityToken, newMode) != 0)
{
throw new Exception();
}
}
/// <summary>
/// Returns the current protection mode of CONFIRE SHERLOCK
/// </summary>
/// <param name="mode">Current protection mode</param>
/// <exception cref="Exception">if call was not successfull.</exception>
public static void GetProtectionMode(out ProtectionMode mode)
{
if (_GetProtectionMode(out mode) != 0)
{
throw new Exception();
}
}
private void ProtectOrUnprotectNode(JObject nodeSource, JObject nodeDest, ProtectionMode mode)
{
foreach (var jProp in nodeSource.Children <JProperty>())
{
if (jProp.Value.Type == JTokenType.Object)
{
var childObj = jProp.Value as JObject;
if (!nodeDest.TryGetValue(jProp.Name, out var destProp))
{
nodeDest.Add(jProp.Name, new JObject());
destProp = nodeDest.GetValue(jProp.Name);
}
ProtectOrUnprotectNode(childObj, destProp as JObject, mode);
}
else if (jProp.Value.Type == JTokenType.Array)
{
if (!nodeDest.ContainsKey(jProp.Name))
{
nodeDest[jProp.Name] = new JArray();
}
foreach (var jToken in (JArray)jProp.Value)
{
var strVal = jToken.Value <string>();
((JArray)nodeDest[jProp.Name]).Add(ProtectOrUnprotectValue(strVal, mode));
}
}
else
{
nodeDest[jProp.Name] = ProtectOrUnprotectValue(jProp.Value.Value <string>(), mode);
}
}
}
public void SetProtection(ProtectionEnable protectionDomainEnable, ProtectionMode protectionDomainMode,
ProtectionEnable protectionEntryEnable, ProtectionMode protectionEntryMode)
{
ProtectionDomainEnable = protectionDomainEnable;
ProtectionDomainMode = protectionDomainMode;
ProtectionEntryEnable = protectionEntryEnable;
ProtectionEntryMode = protectionEntryMode;
}
public void SetProtection(ProtectionEnable protectionDomainEnable, ProtectionMode protectionDomainMode,
ProtectionEnable protectionEntryEnable, ProtectionMode protectionEntryMode)
{
ProtectionDomainEnable = protectionDomainEnable;
ProtectionDomainMode = protectionDomainMode;
ProtectionEntryEnable = protectionEntryEnable;
ProtectionEntryMode = protectionEntryMode;
}
public ProtectionEntry(ProtectionMode mode, EntryType type, string name, string host,
string path, bool unmap)
{
Mode = mode;
Type = type;
Name = name;
Host = host;
Path = path;
Unmap = unmap;
}
public ProtectedCookie(ProtectionMode mode)
{
switch (mode)
{
case ProtectionMode.DPAPI:
SetDpapiTransforms();
return;
case ProtectionMode.MachineKey:
SetMachineKeyTransforms();
return;
default:
throw new ArgumentException("mode");
}
}
public void PathTest()
{
ProtectionMode mode = new ProtectionMode(); // TODO: Initialize to an appropriate value
EntryType type = new EntryType();
string grouporusername = string.Empty; // TODO: Initialize to an appropriate value
string host = string.Empty; // TODO: Initialize to an appropriate value
string path = string.Empty; // TODO: Initialize to an appropriate value
ProtectionEntry target = new ProtectionEntry(mode, type, grouporusername, host, path, false); // TODO: Initialize to an appropriate value
string expected = "//..."; // only adding wide open path
string actual;
target.Path = expected;
actual = target.Path;
Assert.AreEqual(expected, actual);
}
public void HostTest()
{
ProtectionMode mode = new ProtectionMode(); // TODO: Initialize to an appropriate value
EntryType type = EntryType.User;
string grouporusername = string.Empty; // TODO: Initialize to an appropriate value
string host = "win-user_bob"; // only adding host
string path = string.Empty; // TODO: Initialize to an appropriate value
ProtectionEntry target = new ProtectionEntry(mode, type, grouporusername, host, path, false); // TODO: Initialize to an appropriate value
string expected = string.Empty; // TODO: Initialize to an appropriate value
string actual;
target.Host = expected;
actual = target.Host;
Assert.AreEqual(expected, actual);
}
public SelfProtectedCookie(ProtectionMode mode, bool enforceSSL)
{
InitializeHandler(enforceSSL);
switch (mode)
{
case ProtectionMode.DPAPI:
SetDpapiTransforms();
return;
case ProtectionMode.MachineKey:
SetMachineKeyTransforms();
return;
default:
throw new ArgumentException("mode");
}
}
public void ModeTest()
{
ProtectionMode mode = new ProtectionMode(); // TODO: Initialize to an appropriate value
EntryType type = new EntryType();
string grouporusername = string.Empty; // TODO: Initialize to an appropriate value
string host = string.Empty; // TODO: Initialize to an appropriate value
string path = string.Empty; // TODO: Initialize to an appropriate value
ProtectionEntry target = new ProtectionEntry(mode, type, grouporusername, host, path, false); // TODO: Initialize to an appropriate value
ProtectionMode expected = ProtectionMode.Super; // only adding protection mode super
ProtectionMode actual;
target.Mode = expected;
actual = target.Mode;
Assert.AreEqual(expected, actual);
}
public void TypeTest()
{
ProtectionMode mode = new ProtectionMode(); // TODO: Initialize to an appropriate value
EntryType type = EntryType.User;
string grouporusername = string.Empty; // TODO: Initialize to an appropriate value
string host = string.Empty; // TODO: Initialize to an appropriate value
string path = string.Empty; // TODO: Initialize to an appropriate value
ProtectionEntry target = new ProtectionEntry(mode, type, grouporusername, host, path, false); // TODO: Initialize to an appropriate value
EntryType expected = EntryType.User;
EntryType actual;
target.Type = expected;
actual = target.Type;
Assert.AreEqual(expected, actual);
}
public ProtectedCookie(ProtectionMode mode)
{
switch (mode)
{
case ProtectionMode.DPAPI:
SetDpapiTransforms();
return;
case ProtectionMode.MachineKey:
SetMachineKeyTransforms();
return;
default:
throw new ArgumentException("mode");
}
}
private string ProtectOrUnprotectValue(string value, ProtectionMode mode)
{
if (mode == ProtectionMode.Protect)
{
try
{
var temp = _protector.Value.Unprotect(value);
//value already protected
return(value);
}
catch
{
// ignore
}
return(_protector.Value.Protect(value));
}
else
{
return(_protector.Value.Unprotect(value));
}
}
public ProtectedString(string data, ProtectionMode mode)
{
Mode = mode;
RawValue = data;
}
public static PSSecurityAdaptiveApplicationControlsProtectionMode ConvertToPSType(this ProtectionMode value)
{
return(new PSSecurityAdaptiveApplicationControlsProtectionMode()
{
Exe = value.Exe,
Msi = value.Msi,
Script = value.Script
});
}
public ProtectedBytes(byte[] data, ProtectionMode mode)
{
Mode = mode;
RawValue = data;
}
public ProtectedData(byte[] data, ProtectionMode mode = ProtectionMode.Encrypt)
{
RawValue = data;
Mode = mode;
}
private static extern Int32 _GetProtectionMode(out ProtectionMode mode);
private static extern Int32 _SetProtectionMode(string securityToken, ProtectionMode newMode);
