/// ----------------------------------------------------------------------------------------
/// <summary>
/// Encrypts a settings payload with a password and prepends the mode prefix that
/// identifies how the reader has to obtain that password.
/// </summary>
/// <param name="data">Payload handed unchanged to SEBProtectionController.EncryptDataWithPassword.</param>
/// <param name="password">
/// Settings password. For client-configuring files this may already be a hashed admin
/// password (see <paramref name="passwordIsHash"/>) or empty.
/// </param>
/// <param name="passwordIsHash">True when <paramref name="password"/> is already hashed and must not be hashed again.</param>
/// <param name="configPurpose">Whether the .seb file starts an exam or configures a client.</param>
/// <returns>PREFIX_LENGTH prefix bytes followed by the encrypted payload.</returns>
/// ----------------------------------------------------------------------------------------
public static byte[] EncryptDataUsingPassword(byte[] data, string password, bool passwordIsHash, SEBSettings.sebConfigPurposes configPurpose)
{
    bool startsExam = configPurpose == SEBSettings.sebConfigPurposes.sebConfigPurposeStartingExam;

    // Exam files: the reader prompts for the normal settings password.
    // Client-configuring files: the reader uses the client's hashed admin password,
    // or an empty password when no admin password is set on the client.
    string modePrefix = startsExam ? PASSWORD_MODE : PASSWORD_CONFIGURING_CLIENT_MODE;

    // Only a non-empty plaintext password of a client-configuring file is hashed here.
    // An empty password stays empty, and an already hashed one is not hashed twice.
    // NOTE(review): in this mode the hash itself is passed on as the encryption password,
    // so whoever holds the hash can decrypt the file; ComputePasswordHash is defined
    // elsewhere, so confirm how it derives the hash. With an empty password the payload is
    // encrypted under a value everyone knows, which gives no confidentiality.
    if (!startsExam && !passwordIsHash && !String.IsNullOrEmpty(password))
    {
        password = SEBProtectionController.ComputePasswordHash(password);
    }

    byte[] cipherBytes = SEBProtectionController.EncryptDataWithPassword(data, password);
    byte[] prefixBytes = Encoding.UTF8.GetBytes(modePrefix);

    // Layout: [prefix | encrypted payload]. The prefix is written in clear ahead of the
    // ciphertext; nothing in this method binds it to the encrypted bytes.
    byte[] prefixedCipher = new byte[PREFIX_LENGTH + cipherBytes.Length];
    Buffer.BlockCopy(prefixBytes, 0, prefixedCipher, 0, PREFIX_LENGTH);
    Buffer.BlockCopy(cipherBytes, 0, prefixedCipher, PREFIX_LENGTH, cipherBytes.Length);
    return prefixedCipher;
}
/// <summary>
/// Encrypts a settings payload with a password and prepends a 4-character mode prefix:
/// "pswd" for files that start an exam, "pwcc" for every other purpose.
/// </summary>
/// <param name="data">Payload handed unchanged to SEBProtectionController.EncryptDataWithPassword.</param>
/// <param name="password">Password, or an already hashed password when <paramref name="passwordIsHash"/> is true.</param>
/// <param name="passwordIsHash">True when <paramref name="password"/> must not be hashed again.</param>
/// <param name="configPurpose">Purpose of the file; selects the prefix and whether the password is hashed.</param>
/// <returns>The 4 prefix bytes followed by the encrypted payload.</returns>
public static byte[] EncryptDataUsingPassword(byte[] data, string password, bool passwordIsHash, SEBSettings.sebConfigPurposes configPurpose)
{
    const int prefixLength = 4;

    string modePrefix = "pwcc";
    if (configPurpose == SEBSettings.sebConfigPurposes.sebConfigPurposeStartingExam)
    {
        modePrefix = "pswd";
    }
    else if (!passwordIsHash && !string.IsNullOrEmpty(password))
    {
        // Outside exam mode a non-empty plaintext password is replaced by its hash, and
        // that hash is what encrypts the data. An empty password is passed on as is.
        // NOTE(review): the hash is therefore equivalent to the password for these files,
        // and an empty password means encryption under a publicly known value.
        password = SEBProtectionController.ComputePasswordHash(password);
    }

    byte[] cipherBytes = SEBProtectionController.EncryptDataWithPassword(data, password);
    byte[] prefixBytes = Encoding.UTF8.GetBytes(modePrefix);

    // Layout: [4-byte clear-text prefix | encrypted payload].
    byte[] prefixedCipher = new byte[cipherBytes.Length + prefixLength];
    Buffer.BlockCopy(prefixBytes, 0, prefixedCipher, 0, prefixLength);
    Buffer.BlockCopy(cipherBytes, 0, prefixedCipher, prefixLength, cipherBytes.Length);
    return prefixedCipher;
}
///// ----------------------------------------------------------------------------------------
///// <summary>
///// Show SEB Password Dialog Form.
///// </summary>
///// ----------------------------------------------------------------------------------------
//public static string ShowPasswordDialogForm(string title, string passwordRequestText)
//{
//    // Set the title of the dialog window
//    sebPasswordDialogForm.Text = title;
//    // Set the text of the dialog
//    sebPasswordDialogForm.LabelText = passwordRequestText;
//    sebPasswordDialogForm.txtSEBPassword.Focus();
//    // If we are running in SebWindowsClient we need to activate it before showing the password dialog
//    if (SEBClientInfo.SebWindowsClientForm != null) SebWindowsClientForm.SEBToForeground(); //SEBClientInfo.SebWindowsClientForm.Activate();
//    // Show password dialog as a modal dialog and determine if DialogResult = OK.
//    if (sebPasswordDialogForm.ShowDialog() == DialogResult.OK)
//    {
//        // Read the contents of testDialog's TextBox.
//        string password = sebPasswordDialogForm.txtSEBPassword.Text;
//        sebPasswordDialogForm.txtSEBPassword.Text = "";
//        //sebPasswordDialogForm.txtSEBPassword.Focus();
//        return password;
//    }
//    else
//    {
//        return null;
//    }
//}

/// Generate Encrypted .seb Settings Data
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Serializes SEBSettings.settingsCurrent to plist XML and wraps it according to the
/// supplied credentials: gzip, then password encryption or a plain-data prefix, then
/// optional identity encryption, then a final gzip.
/// </summary>
/// <param name="settingsPassword">Settings password; may be null or empty.</param>
/// <param name="passwordIsHash">Forwarded to EncryptDataUsingPassword; true when the password is already hashed.</param>
/// <param name="certificateRef">Identity used for the additional encryption layer, or null for none.</param>
/// <param name="useAsymmetricOnlyEncryption">Forwarded to EncryptDataUsingIdentity.</param>
/// <param name="configPurpose">Whether the file starts an exam or configures a client.</param>
/// <param name="forEditing">Not read by this method body.</param>
/// <returns>
/// The wrapped settings data. When neither password nor identity is given and the file
/// does not configure a client, the user is asked: on "Yes" the raw UTF-8 XML is returned
/// (not gzipped, no prefix, not encrypted), otherwise null.
/// </returns>
/// ----------------------------------------------------------------------------------------
public static byte[] EncryptSEBSettingsWithCredentials(string settingsPassword, bool passwordIsHash, X509Certificate2 certificateRef, bool useAsymmetricOnlyEncryption, SEBSettings.sebConfigPurposes configPurpose, bool forEditing)
{
    // Serialize the current settings and expand self-closing empty containers.
    string plistXml = Plist.writeXml(SEBSettings.settingsCurrent)
        .Replace("<array />", "<array></array>")
        .Replace("<dict />", "<dict></dict>")
        .Replace("<data />", "<data></data>");
    byte[] payload = Encoding.UTF8.GetBytes(plistXml);

    bool hasPassword = !String.IsNullOrEmpty(settingsPassword);
    bool configuresClient = configPurpose == SEBSettings.sebConfigPurposes.sebConfigPurposeConfiguringClient;

    // No password and no identity (and not the client-configuring special case):
    // the file can only be written unprotected, so the user has to confirm that.
    // Callers must handle the null returned when the user declines.
    if (!hasPassword && !configuresClient && certificateRef == null)
    {
        if (MessageBox.Show(SEBUIStrings.noEncryptionChosen, SEBUIStrings.noEncryptionChosenSaveUnencrypted, MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
        {
            return payload;
        }
        return null;
    }

    // Password selection:
    //   provided password                  -> that password
    //   none, file configures a client     -> empty password (special case)
    //   none, identity only                -> null, i.e. no password layer
    // NOTE(review): the empty-password case still goes through password encryption, but
    // under a value that is known to everyone, so it protects nothing by itself.
    string encryptingPassword = hasPassword ? settingsPassword : (configuresClient ? "" : null);

    // gzip the serialized XML before any encryption layer is applied
    payload = GZipByte.Compress(payload);

    if (encryptingPassword != null)
    {
        payload = EncryptDataUsingPassword(payload, encryptingPassword, passwordIsHash, configPurpose);
    }
    else
    {
        // No password layer: mark the gzipped data with the plain-data prefix instead.
        byte[] prefixedPlain = new byte[PREFIX_LENGTH + payload.Length];
        Buffer.BlockCopy(Encoding.UTF8.GetBytes(PLAIN_DATA_MODE), 0, prefixedPlain, 0, PREFIX_LENGTH);
        Buffer.BlockCopy(payload, 0, prefixedPlain, PREFIX_LENGTH, payload.Length);
        payload = prefixedPlain;
    }

    // Optional second layer: encrypt the prefixed data with the selected identity.
    if (certificateRef != null)
    {
        payload = EncryptDataUsingIdentity(payload, certificateRef, useAsymmetricOnlyEncryption);
    }

    // The outer gzip is applied to the finished (possibly encrypted) container.
    return GZipByte.Compress(payload);
}
/// <summary>
/// Serializes SEBSettings.settingsCurrent to plist XML and wraps it: gzip, then password
/// encryption or a "plnd" prefix, then optional identity encryption, then a final gzip.
/// </summary>
/// <param name="settingsPassword">Settings password; may be null or empty.</param>
/// <param name="passwordIsHash">Forwarded to EncryptDataUsingPassword.</param>
/// <param name="certificateRef">Identity for the additional encryption layer, or null for none.</param>
/// <param name="configPurpose">Whether the file starts an exam or configures a client.</param>
/// <param name="forEditing">Forwarded to SEBMessageBox.Show for the "save unencrypted?" question.</param>
/// <returns>
/// The wrapped settings data; the raw UTF-8 XML (not gzipped, no prefix, not encrypted)
/// when the user agrees to save without protection; null when the user declines.
/// </returns>
public static byte[] EncryptSEBSettingsWithCredentials(string settingsPassword, bool passwordIsHash, X509Certificate2 certificateRef, SEBSettings.sebConfigPurposes configPurpose, bool forEditing)
{
    const int prefixLength = 4;

    // Serialize the current settings and expand self-closing empty containers.
    string plistXml = Plist.writeXml((object)SEBSettings.settingsCurrent);
    plistXml = plistXml.Replace("<array />", "<array></array>");
    plistXml = plistXml.Replace("<dict />", "<dict></dict>");
    plistXml = plistXml.Replace("<data />", "<data></data>");
    byte[] xmlBytes = Encoding.UTF8.GetBytes(plistXml);

    bool noPassword = string.IsNullOrEmpty(settingsPassword);
    bool configuresClient = configPurpose == SEBSettings.sebConfigPurposes.sebConfigPurposeConfiguringClient;

    // Neither password nor identity, and not the client-configuring special case: the data
    // would leave unprotected, so the user must confirm. Callers must handle the null result.
    if (noPassword && !configuresClient && certificateRef == null)
    {
        if (SEBMessageBox.Show(SEBUIStrings.noEncryptionChosen, SEBUIStrings.noEncryptionChosenSaveUnencrypted, MessageBoxIcon.Question, MessageBoxButtons.YesNo, forEditing) != DialogResult.Yes)
        {
            return null;
        }
        return xmlBytes;
    }

    // null = no password layer; "" = client-configuring file without a password.
    // NOTE(review): the "" case is encrypted under a value everyone knows, so it adds
    // no confidentiality on its own.
    string encryptingPassword = null;
    if (!noPassword)
    {
        encryptingPassword = settingsPassword;
    }
    else if (configuresClient)
    {
        encryptingPassword = "";
    }

    byte[] compressed = GZipByte.Compress(xmlBytes);

    byte[] container;
    if (encryptingPassword == null)
    {
        // No password layer: mark the gzipped data as plain with the "plnd" prefix.
        byte[] prefixedPlain = new byte[compressed.Length + prefixLength];
        Buffer.BlockCopy(Encoding.UTF8.GetBytes("plnd"), 0, prefixedPlain, 0, prefixLength);
        Buffer.BlockCopy(compressed, 0, prefixedPlain, prefixLength, compressed.Length);
        container = prefixedPlain;
    }
    else
    {
        container = SEBConfigFileManager.EncryptDataUsingPassword(compressed, encryptingPassword, passwordIsHash, configPurpose);
    }

    // Optional second layer: encrypt the prefixed data with the selected identity.
    if (certificateRef != null)
    {
        container = SEBConfigFileManager.EncryptDataUsingIdentity(container, certificateRef);
    }

    // The outer gzip is applied to the finished (possibly encrypted) container.
    return GZipByte.Compress(container);
}