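/// <summary>
/// Replaces the stored server key and CA thumbprint. The key is encrypted with
/// <c>ServiceDP.EncryptData</c> using freshly generated 16-byte entropy, and the entropy is
/// persisted next to it ("server_key_entropy" / "server_key").
/// </summary>
/// <param name="key">The new server key as text. It is encoded as ASCII before encryption,
/// so any non-ASCII character would be stored as '?' — callers must pass ASCII-only keys.</param>
/// <param name="thumbprint">Thumbprint of the CA certificate, stored as "ca_thumbprint".</param>
/// <returns>Always <c>true</c>; failures surface as exceptions from the settings or encryption calls.</returns>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is <c>null</c>.</exception>
public bool Reset(string key, string thumbprint)
{
    if (key == null)
    {
        throw new ArgumentNullException("key");
    }

    Logger.Info("Resetting Server Key");

    // Entropy comes from the platform's cryptographic RNG. The generator is disposable,
    // so it is scoped with "using" instead of being leaked as an anonymous instance.
    const int entropyLength = 16;
    var entropy = new byte[entropyLength];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(entropy);
    }

    var serverKeyBytes = Encoding.ASCII.GetBytes(key);
    var encryptedKey = ServiceDP.EncryptData(serverKeyBytes, true, entropy);

    // The ciphertext is computed before anything is written, so a failing
    // EncryptData call leaves the previously stored entropy/key pair untouched.
    var serviceSetting = new ServiceSetting();

    var serverKeyEntropy = serviceSetting.GetSetting("server_key_entropy");
    serverKeyEntropy.Value = Convert.ToBase64String(entropy);
    serviceSetting.UpdateSettingValue(serverKeyEntropy);

    var serverKey = serviceSetting.GetSetting("server_key");
    serverKey.Value = Convert.ToBase64String(encryptedKey);
    serviceSetting.UpdateSettingValue(serverKey);

    var caThumbprint = serviceSetting.GetSetting("ca_thumbprint");
    caThumbprint.Value = thumbprint;
    serviceSetting.UpdateSettingValue(caThumbprint);

    Logger.Info("Resetting Server Key Finished");
    return true;
}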
/// <summary>
/// Rotates the client's symmetric key with the provisioning API: generates a new key, sends it
/// together with the device certificate, and on a Provisioned reply refreshes the com servers
/// and stores the key protected by <c>ServiceDP.EncryptData</c> with new entropy
/// (settings "entropy" and "encryption_key").
/// </summary>
/// <returns>
/// Error when the device certificate cannot be loaded from the My store or the API returned
/// nothing; any non-Provisioned status verbatim from the API (nothing is persisted in that case);
/// Provisioned once the new key has been written.
/// </returns>
private EnumProvisionStatus.Status RenewSymmKey()
{
    var thumbprintSetting = _serviceSetting.GetSetting("device_thumbprint");
    var certificate = ServiceCertificate.GetCertificateFromStore(thumbprintSetting.Value, StoreName.My);
    if (certificate == null)
    {
        return EnumProvisionStatus.Status.Error;
    }

    var symmKey = GenerateSymmKey();
    var request = new DtoRenewKeyRequest
    {
        Name = DtoGobalSettings.ClientIdentity.Name,
        Guid = DtoGobalSettings.ClientIdentity.Guid,
        DeviceCert = Convert.ToBase64String(certificate.RawData),
        SymmKey = Convert.ToBase64String(symmKey)
    };

    var result = new APICall().ProvisionApi.RenewSymmKey(request);
    if (result == null)
    {
        return EnumProvisionStatus.Status.Error;
    }
    if (result.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
    {
        return result.ProvisionStatus;
    }

    UpdateComServers(result.ComServers);

    // New entropy for every rotation; it is written first, then the key it protects.
    var entropySetting = _serviceSetting.GetSetting("entropy");
    var entropyBytes = ServiceDP.CreateRandomEntropy();
    entropySetting.Value = Convert.ToBase64String(entropyBytes);
    _serviceSetting.UpdateSettingValue(entropySetting);

    var protectedKey = ServiceDP.EncryptData(symmKey, true, entropyBytes);
    var keySetting = _serviceSetting.GetSetting("encryption_key");
    keySetting.Value = Convert.ToBase64String(protectedKey);
    _serviceSetting.UpdateSettingValue(keySetting);

    return EnumProvisionStatus.Status.Provisioned;
}
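/// <summary>
/// Second provisioning stage. Sends a freshly generated symmetric key (wrapped with the
/// intermediate certificate's public key) plus identity and hardware details to the
/// provisioning API, and on a PendingConfirmation reply decrypts the returned device
/// certificate with that key and stores it in the LocalMachine\My store.
/// Requires the intermediate certificate recorded by stage 1 ("intermediate_thumbprint").
/// </summary>
/// <returns>
/// NotStarted when the intermediate certificate is not available; Error when the API returns
/// nothing or an unexpected status; Reset, FullReset, PendingReset, PendingProvisionApproval
/// and PendingPreProvision verbatim from the API; otherwise PendingConfirmation. The settings
/// "device_thumbprint", "computer_identifier", "entropy", "encryption_key" and
/// "provision_status" are updated only when the certificate was stored successfully.
/// </returns>
private EnumProvisionStatus.Status ProvisionStage2()
{
    var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
    if (string.IsNullOrEmpty(intermediateThumbprint.Value))
    {
        // No thumbprint recorded: assume stage 1 did not finish.
        return EnumProvisionStatus.Status.NotStarted;
    }

    var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value, StoreName.CertificateAuthority);
    if (intermediate == null)
    {
        return EnumProvisionStatus.Status.NotStarted;
    }

    var key = GenerateSymmKey();
    var provisionRequest = new DtoProvisionRequest();
    provisionRequest.Name = DtoGobalSettings.ClientIdentity.Name;
    provisionRequest.AdGuid = new ServiceAD().GetADGuid(provisionRequest.Name);
    // The symmetric key leaves the device only wrapped with the intermediate's public key;
    // the certificate the server returns is decrypted with this same key below.
    provisionRequest.SymmKey = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key);
    provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId;

    PopulateHardwareDetails(provisionRequest);

    var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest);
    if (response == null)
    {
        return EnumProvisionStatus.Status.Error;
    }

    switch (response.ProvisionStatus)
    {
        case EnumProvisionStatus.Status.Reset:
            Logger.Info("Client Reset Approved. Starting Reset Process.");
            return EnumProvisionStatus.Status.Reset;
        case EnumProvisionStatus.Status.FullReset:
            Logger.Info("Client Full Reset Requested. Starting Full Reset Process.");
            return EnumProvisionStatus.Status.FullReset;
        case EnumProvisionStatus.Status.PendingReset:
            Logger.Info("Client Is Pending Reset Approval.");
            return EnumProvisionStatus.Status.PendingReset;
        case EnumProvisionStatus.Status.PendingProvisionApproval:
            Logger.Info("Client Is Pending Provisioning Approval");
            return EnumProvisionStatus.Status.PendingProvisionApproval;
        case EnumProvisionStatus.Status.PendingPreProvision:
            Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It.");
            return EnumProvisionStatus.Status.PendingPreProvision;
        case EnumProvisionStatus.Status.PendingConfirmation:
            break;
        default:
            // Any other status is treated as a failed exchange.
            return EnumProvisionStatus.Status.Error;
    }

    // The certificate arrives base64-encoded and encrypted with the symmetric key sent above;
    // the decrypted payload is itself base64 of the DER bytes.
    var byteCert = Convert.FromBase64String(response.Certificate);
    var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert);
    var deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert));

    if (ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My))
    {
        var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
        deviceThumbprint.Value = deviceCert.Thumbprint;
        _serviceSetting.UpdateSettingValue(deviceThumbprint);

        var computerIdentifier = _serviceSetting.GetSetting("computer_identifier");
        computerIdentifier.Value = response.ComputerIdentifier;
        DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier;
        _serviceSetting.UpdateSettingValue(computerIdentifier);

        // Fresh entropy for this key; it is written before the protected key that depends on it.
        var entropy = _serviceSetting.GetSetting("entropy");
        var entropyBytes = ServiceDP.CreateRandomEntropy();
        entropy.Value = Convert.ToBase64String(entropyBytes);
        _serviceSetting.UpdateSettingValue(entropy);

        var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
        var keySetting = _serviceSetting.GetSetting("encryption_key");
        keySetting.Value = Convert.ToBase64String(encryptedKey);
        _serviceSetting.UpdateSettingValue(keySetting);

        var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
        settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString();
        _serviceSetting.UpdateSettingValue(settingProvisionStatus);
    }

    // NOTE(review): the plaintext symmetric key stays in `key` until it is collected; clearing it
    // here would be reasonable once it is confirmed GenerateSymmKey does not share the buffer.
    return EnumProvisionStatus.Status.PendingConfirmation;
}

/// <summary>
/// Fills the hardware fields of <paramref name="request"/> from the inventory collectors
/// (ComputerSystem, Bios, Processor, Nic). Every field is best-effort: a collector that fails
/// or returns incomplete data is logged at debug level and the field falls back to 0 / empty.
/// </summary>
/// <param name="request">Provision request whose Memory, Processor, SerialNumber, Model and Macs are set.</param>
private void PopulateHardwareDetails(DtoProvisionRequest request)
{
    Logger.Debug("Gathering Hardware Details");
    var inventory = new DtoInventoryCollection();
    new ComputerSystem().Search(inventory);
    new Bios().Search(inventory);
    new Processor().Search(inventory);
    new Nic().Search(inventory);

    try
    {
        // TotalPhysicalMemory is presumably in bytes; the request carries it divided down twice by 1024 — confirm the unit.
        var totalMemory = Convert.ToInt64(inventory.ComputerSystem.TotalPhysicalMemory);
        request.Memory = Convert.ToInt32(totalMemory / 1024 / 1024);
    }
    catch (Exception ex)
    {
        Logger.Debug("Unable to read total physical memory: " + ex.Message);
        request.Memory = 0;
    }

    try
    {
        request.Processor = inventory.Processor.Name;
    }
    catch (Exception ex)
    {
        Logger.Debug("Unable to read processor name: " + ex.Message);
        request.Processor = string.Empty;
    }

    try
    {
        request.SerialNumber = inventory.Bios.SerialNumber;
    }
    catch (Exception ex)
    {
        Logger.Debug("Unable to read BIOS serial number: " + ex.Message);
        request.SerialNumber = string.Empty;
    }

    try
    {
        request.Model = inventory.ComputerSystem.Model;
    }
    catch (Exception ex)
    {
        Logger.Debug("Unable to read computer model: " + ex.Message);
        request.Model = string.Empty;
    }

    try
    {
        foreach (var nic in inventory.NetworkAdapters)
        {
            request.Macs.Add(nic.Mac);
        }
    }
    catch (Exception ex)
    {
        // A partial MAC list is acceptable; whatever was added before the failure is kept.
        Logger.Debug("Unable to enumerate network adapters: " + ex.Message);
    }
}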