public void ResponseMessage(long ID, MessageResponse Response)
{
if (SyncPolicy.RequestCertPolicyMessageID == ID)
{
if (Response == MessageResponse.Button2) //Nö
{
Status.UpdateMessage2();
return;
}
if (Response == MessageResponse.Button3) //?!?
{
return;
}
if (Response == MessageResponse.Button1) //Yes
{
FilesystemData.InstallCertificate(SyncPolicy.RequestCertPolicyCERData);
InvokeMessage(MessageInvoke.ReloadPolicies);
}
}
}
public static bool DoSyncPolicy()
{
RequestCertPolicyID = 0;
RequestCertPolicyMessageID = 0;
RequestCertPolicyCERData = null;
List <Int64> ProcessedPolicies = new List <long>();
Network net;
net = Utilities.ConnectNetwork(9);
if (net == null)
{
return(false);
}
Status.UpdateMessage(9, "Downloading client settings");
FoxEventLog.VerboseWriteEventLog("Downloading client settings", System.Diagnostics.EventLogEntryType.Information);
ClientSettings settings = net.GetClientSettings();
if (settings != null)
{
RegistryData.AdministratorName = settings.AdministratorName;
RegistryData.MessageDisclaimer = settings.MessageDisclaimer;
}
Status.UpdateMessage(9, "Downloading policies");
FoxEventLog.VerboseWriteEventLog("Downloading policies", System.Diagnostics.EventLogEntryType.Information);
PolicyObjectListSigned policieslistsigned = net.GetPoliciesForComputer();
List <PolicyObjectSigned> policies = policieslistsigned == null ? null : policieslistsigned.Items;
if (policies == null)
{
FoxEventLog.VerboseWriteEventLog("Downloading policies - nix", System.Diagnostics.EventLogEntryType.Information);
Status.UpdateMessage(9);
net.CloseConnection();
return(true);
}
if (FilesystemData.LoadedCertificates.Count > 0)
{
bool SignatureOK = false;
foreach (FilesystemCertificateData cer in FilesystemData.LoadedCertificates)
{
if (Certificates.Verify(policieslistsigned, cer.Certificate) == true)
{
SignatureOK = true;
break;
}
}
if (SignatureOK == false)
{
FoxEventLog.WriteEventLog("Invalid signature for PolicyList - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
net.CloseConnection();
return(true);
}
}
if (RegistryData.Verbose == 1)
{
string data = "Got policy:\r\n";
foreach (PolicyObjectSigned obj in policies)
{
data += obj.Policy.Name + " [ID: " + obj.Policy.ID + " VER: " + obj.Policy.Version + "]\r\n";
}
FoxEventLog.VerboseWriteEventLog("Downloading policies " + data, System.Diagnostics.EventLogEntryType.Information);
}
if (FilesystemData.LoadedCertificates.Count > 0)
{
foreach (PolicyObjectSigned obj in policies)
{
if (ApplicationCertificate.Verify(obj) == false)
{
FoxEventLog.WriteEventLog("One or more policies were tampered - no policies will be processed.", System.Diagnostics.EventLogEntryType.Error);
net.CloseConnection();
return(true);
}
}
}
#region Certificate Checks
foreach (PolicyObjectSigned obj in policies)
{
if (obj.Policy.Type == PolicyIDs.SignCertificate)
{
if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
{
continue;
}
PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
//do not verify signing here - that won't work! - Fox
PolicySigningCertificates Cert = JsonConvert.DeserializeObject <PolicySigningCertificates>(objj.Policy.Data);
if (FilesystemData.ContainsLoadedCert(Convert.FromBase64String(Cert.UUCerFile)) == true)
{
continue;
}
bool sig = Certificates.Verify(Convert.FromBase64String(Cert.UUCerFile), Convert.FromBase64String(Cert.UUSignFile), InternalCertificate.Main);
if (sig == false)
{
RequestCertPolicyID = objj.Policy.ID;
RequestCertPolicyCERData = Convert.FromBase64String(Cert.UUCerFile);
string CN = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
if (CN == null)
{
FoxEventLog.WriteEventLog("Invalid certificate from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
continue;
}
Status.RequestCertificateConfirm("The certificate with " + CN + " is not signed by Vulpes. This may that someone tampered the connection, or a false certificate is installed on the server.\nDo you want to continue, and trust this certificate?", RequestCertPolicyID);
RequestCertPolicyMessageID = Status.MessageID;
FoxEventLog.WriteEventLog("Got unsinged certificate (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + " " + CN + ")", System.Diagnostics.EventLogEntryType.Warning);
}
else
{
string CN = Certificates.GetCN(Convert.FromBase64String(Cert.UUCerFile));
if (CN == null)
{
FoxEventLog.WriteEventLog("Invalid (Vulpes signed) certificate from server (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
continue;
}
FilesystemData.InstallCertificate(Convert.FromBase64String(Cert.UUCerFile));
}
}
}
#endregion
if (FilesystemData.LoadedCertificates.Count > 0)
{
foreach (PolicyObjectSigned obj in policies)
{
if (FilesystemData.ContainsPolicy(obj.Policy, false, false) == true)
{
if (ProcessedPolicies.Contains(obj.Policy.ID) == false)
{
ProcessedPolicies.Add(obj.Policy.ID);
}
FilesystemData.UpdatePolicyOrder(obj.Policy, obj.Policy.Order);
continue;
}
PolicyObjectSigned objj = net.GetPolicyObjectSigned(obj.Policy.ID);
if (objj == null)
{
FoxEventLog.WriteEventLog("No data for policy - not applying (Policy ID=" + obj.Policy.ID.ToString() + " Name=" + obj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
continue;
}
if (ApplicationCertificate.Verify(objj) == false)
{
FoxEventLog.WriteEventLog("Policy was tampered - not applying (Policy ID=" + objj.Policy.ID.ToString() + " Name=" + objj.Policy.Name + ")", System.Diagnostics.EventLogEntryType.Error);
continue;
}
if (FilesystemData.InstallPolicy(objj.Policy, obj.Policy.Order) == false)
{
continue;
}
if (ProcessedPolicies.Contains(obj.Policy.ID) == false)
{
ProcessedPolicies.Add(obj.Policy.ID);
}
}
List <LoadedPolicyObject> RemovePol = new List <LoadedPolicyObject>();
foreach (LoadedPolicyObject lobj in FilesystemData.LoadedPolicyObjects)
{
if (ProcessedPolicies.Contains(lobj.PolicyObject.ID) == false)
{
RemovePol.Add(lobj);
}
}
foreach (LoadedPolicyObject lobj in RemovePol)
{
FilesystemData.DeletePolicy(lobj);
}
}
net.CloseConnection();
if (RequestCertPolicyID == 0)
{
Status.UpdateMessage(9);
}
FoxEventLog.VerboseWriteEventLog("Downloading policies - DONE", System.Diagnostics.EventLogEntryType.Information);
return(true);
}