コード例 #1
0
        public bool Reset(string key, string thumbprint)
        {
            Logger.Info("Resetting Server Key");
            var entropy = new byte[16];

            new RNGCryptoServiceProvider().GetBytes(entropy);
            var serverKeyBytes = Encoding.ASCII.GetBytes(key);
            var encryptedKey   = ServiceDP.EncryptData(serverKeyBytes, true, entropy);

            var serviceSetting   = new ServiceSetting();
            var serverKeyEntropy = serviceSetting.GetSetting("server_key_entropy");

            serverKeyEntropy.Value = Convert.ToBase64String(entropy);
            serviceSetting.UpdateSettingValue(serverKeyEntropy);

            var serverKey = serviceSetting.GetSetting("server_key");

            serverKey.Value = Convert.ToBase64String(encryptedKey);
            serviceSetting.UpdateSettingValue(serverKey);


            var caThumbprint = serviceSetting.GetSetting("ca_thumbprint");

            caThumbprint.Value = thumbprint;
            serviceSetting.UpdateSettingValue(caThumbprint);

            Logger.Info("Resetting Server Key Finished");
            return(true);
        }
コード例 #2
0
        private EnumProvisionStatus.Status RenewSymmKey()
        {
            var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");

            var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);

            if (deviceCert == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }

            var key = GenerateSymmKey();

            var renewRequest = new DtoRenewKeyRequest();

            renewRequest.Name       = DtoGobalSettings.ClientIdentity.Name;
            renewRequest.Guid       = DtoGobalSettings.ClientIdentity.Guid;
            renewRequest.DeviceCert = Convert.ToBase64String(deviceCert.RawData);
            renewRequest.SymmKey    = Convert.ToBase64String(key);

            var renewResult = new APICall().ProvisionApi.RenewSymmKey(renewRequest);

            if (renewResult == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }
            if (renewResult.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
            {
                return(renewResult.ProvisionStatus);
            }

            UpdateComServers(renewResult.ComServers);
            var entropy      = _serviceSetting.GetSetting("entropy");
            var entropyBytes = ServiceDP.CreateRandomEntropy();

            entropy.Value = Convert.ToBase64String(entropyBytes);
            _serviceSetting.UpdateSettingValue(entropy);

            var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
            var keySetting   = _serviceSetting.GetSetting("encryption_key");

            keySetting.Value = Convert.ToBase64String(encryptedKey);
            _serviceSetting.UpdateSettingValue(keySetting);
            return(EnumProvisionStatus.Status.Provisioned);
        }
コード例 #3
0
        private EnumProvisionStatus.Status ProvisionStage2()
        {
            var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");

            if (string.IsNullOrEmpty(intermediateThumbprint.Value))
            {
                //assume stage 1 didn't finish
                return(EnumProvisionStatus.Status.NotStarted);
            }
            var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value,
                                                                          StoreName.CertificateAuthority);

            if (intermediate == null)
            {
                return(EnumProvisionStatus.Status.NotStarted);
            }
            var key = GenerateSymmKey();

            var provisionRequest = new DtoProvisionRequest();

            provisionRequest.Name           = DtoGobalSettings.ClientIdentity.Name;
            provisionRequest.AdGuid         = new ServiceAD().GetADGuid(provisionRequest.Name);
            provisionRequest.SymmKey        = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key);
            provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId;

            //include some hardware details
            Logger.Debug("Gathering Hardware Details");
            var inventoryCollection = new DtoInventoryCollection();

            new ComputerSystem().Search(inventoryCollection);
            new Bios().Search(inventoryCollection);
            new Processor().Search(inventoryCollection);
            new Nic().Search(inventoryCollection);
            try
            {
                var m = Convert.ToInt64(inventoryCollection.ComputerSystem.TotalPhysicalMemory);
                provisionRequest.Memory = Convert.ToInt32(m / 1024 / 1024);
            }
            catch
            {
                provisionRequest.Memory = 0;
            }

            try
            {
                provisionRequest.Processor = inventoryCollection.Processor.Name;
            }
            catch
            {
                provisionRequest.Processor = string.Empty;
            }

            try
            {
                provisionRequest.SerialNumber = inventoryCollection.Bios.SerialNumber;
            }
            catch
            {
                provisionRequest.SerialNumber = string.Empty;
            }

            try
            {
                provisionRequest.Model = inventoryCollection.ComputerSystem.Model;
            }
            catch
            {
                provisionRequest.Model = string.Empty;
            }

            try
            {
                foreach (var nic in inventoryCollection.NetworkAdapters)
                {
                    provisionRequest.Macs.Add(nic.Mac);
                }
            }
            catch
            {
                //do nothing
            }


            inventoryCollection = null;

            var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest);

            if (response == null)
            {
                return(EnumProvisionStatus.Status.Error);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.Reset)
            {
                Logger.Info("Client Reset Approved.  Starting Reset Process.");
                return(EnumProvisionStatus.Status.Reset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.FullReset)
            {
                Logger.Info("Client Full Reset Requested.  Starting Full Reset Process.");
                return(EnumProvisionStatus.Status.FullReset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingReset)
            {
                Logger.Info("Client Is Pending Reset Approval.");
                return(EnumProvisionStatus.Status.PendingReset);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingProvisionApproval)
            {
                Logger.Info("Client Is Pending Provisioning Approval");
                return(EnumProvisionStatus.Status.PendingProvisionApproval);
            }
            if (response.ProvisionStatus == EnumProvisionStatus.Status.PendingPreProvision)
            {
                Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It.");
                return(EnumProvisionStatus.Status.PendingPreProvision);
            }
            if (response.ProvisionStatus != EnumProvisionStatus.Status.PendingConfirmation)
            {
                return(EnumProvisionStatus.Status.Error);
            }

            var byteCert   = Convert.FromBase64String(response.Certificate);
            var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert);
            var deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert));

            if (ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My))
            {
                var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
                deviceThumbprint.Value = deviceCert.Thumbprint;
                _serviceSetting.UpdateSettingValue(deviceThumbprint);

                var computerIdentifier = _serviceSetting.GetSetting("computer_identifier");
                computerIdentifier.Value             = response.ComputerIdentifier;
                DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier;
                _serviceSetting.UpdateSettingValue(computerIdentifier);

                var entropy      = _serviceSetting.GetSetting("entropy");
                var entropyBytes = ServiceDP.CreateRandomEntropy();
                entropy.Value = Convert.ToBase64String(entropyBytes);
                _serviceSetting.UpdateSettingValue(entropy);

                var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
                var keySetting   = _serviceSetting.GetSetting("encryption_key");
                keySetting.Value = Convert.ToBase64String(encryptedKey);
                _serviceSetting.UpdateSettingValue(keySetting);

                var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
                settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString();
                _serviceSetting.UpdateSettingValue(settingProvisionStatus);
            }

            return(EnumProvisionStatus.Status.PendingConfirmation);
        }