static void Main(string[] args) { try { Logger.Initialize(); byte[] data = "Hello world".GetBytes(); SignKeys signKeys = DataSigner.GenerateSignKeyPair(); byte[] signature = DataSigner.Sign(data, signKeys.PublicAndPrivate); bool valid = DataSigner.IsSignatureValid(data, signature, signKeys.PublicOnly); Console.WriteLine(valid ? "Valid" : "NOT Valid"); data[0] = 41; valid = DataSigner.IsSignatureValid(data, signature, signKeys.PublicOnly); Console.WriteLine(valid ? "Valid" : "NOT Valid"); data[0] = "H".GetBytes()[0]; valid = DataSigner.IsSignatureValid(data, signature, signKeys.PublicOnly); Console.WriteLine(valid ? "Valid" : "NOT Valid"); } catch (Exception e) { Logger.LogError("Unhandled exception", e); Console.WriteLine("Error: " + e.Message); } Console.WriteLine("Press a key to exit"); Console.ReadKey(); }
public bool VerifyIntegrity(Guid userId, Guid dataEntityId) { AssertSystemIsInitialized(); User user = GetAssertUser(userId); IList <Role> roles = this.storage.GetRolesForUser(user.Id); bool userHasRoleWhichHasDataEntity = roles.Any(role => role.DataEntities.Contains(dataEntityId)); if (!userHasRoleWhichHasDataEntity) { throw new InvalidOperationException("You do not have a role which gives access to the requested data entity"); } DataEntity dataEntity = this.storage.GetDataEntityFromId(dataEntityId); if (dataEntity == null) { throw new InvalidOperationException("Data entity with specified id was not found"); } Guid authorId = this.storage.GetAuthorOfDataEntity(dataEntityId); User authoringUser = this.storage.GetUser(authorId); dataEntity.Payload.Content = this.storage.GetDataEntityPayloadFromId(dataEntityId); return(DataSigner.IsSignatureValid(dataEntity, dataEntity.Signature, authoringUser.SignPublicKey)); }
public void Insert(Guid userId, DataEntity dataEntity) { if (userId == Guid.Empty) { throw new ArgumentException("userId"); } CheckDataEntity(dataEntity); GetDelegationKey(userId); // check that the user has a key (is still valid) byte[] signPublicKey = this.tokenStorage.FindSignPublicKey(userId); if (signPublicKey == null) { throw new InvalidOperationException("Cannot insert data as no sign key is registered for the user"); } if (!DataSigner.IsSignatureValid(dataEntity, dataEntity.Signature, signPublicKey)) { throw new InvalidOperationException("The data signature is not valid"); } // TODO: check access rights) this.dataEntityStorage.InsertDataEntity(userId, dataEntity); }
private void buttonGenerateAndSaveMasterKeypair_Click(object sender, EventArgs e) { try { if (string.IsNullOrEmpty(this.textBoxDOUsername.Text)) { MessageBox.Show("You must enter a DO user name"); return; } if (string.IsNullOrEmpty(this.textBoxDORoleName.Text)) { MessageBox.Show("You must enter a DO role name"); return; } IPreService proxy = GetPreProxy(); this.masterKeypair = proxy.GenerateKeyPair(); SignKeys doSignKeyPair = DataSigner.GenerateSignKeyPair(); proxy = GetPreProxy(); byte[] doUserName = proxy.Encrypt(this.masterKeypair.Public, this.textBoxDOUsername.Text.GetBytes()); proxy = GetPreProxy(); byte[] doRoleName = proxy.Encrypt(this.masterKeypair.Public, this.textBoxDORoleName.Text.GetBytes()); IGatewayService gwProxy = GetServiceProxy(); gwProxy.InitializeSystem(this.myId, doUserName, doRoleName, doSignKeyPair.PublicOnly); string filename = FileDialogs.AskUserForFileNameToSaveIn(); if (!string.IsNullOrEmpty(filename)) { if (!Path.HasExtension(filename)) { filename = filename + ".xml"; } KeyCollection keys = new KeyCollection(); keys.MasterPublicKey = Convert.ToBase64String(this.masterKeypair.Public); keys.MasterPrivateKey = Convert.ToBase64String(this.masterKeypair.Private); keys.PrivateKey = keys.MasterPrivateKey; keys.PublicKey = keys.MasterPublicKey; keys.SignKeys = Convert.ToBase64String(doSignKeyPair.PublicAndPrivate); XmlFile.WriteFile(keys, filename); this.labelKeyStatus.Text = "Keys including MASTER KEYS loaded"; MessageBox.Show("Done"); } } catch (Exception ex) { MessageBox.Show("Error: " + ex.Message); Logger.LogError("Error generating master keypair", ex); } }
private void buttonUploadNow_Click(object sender, EventArgs e) { try { if (this.listBoxUploadKeywords.Items.Count == 0) { MessageBox.Show("At least one keyword must be associated with the data before it is uploaded"); return; } if (this.keyPair == null) { MessageBox.Show("You must load user keys first"); return; } if (this.rolesUserControlUploadData.SelectedRoles.Count == 0) { MessageBox.Show("You must select at least one role which should have access to the uploaded data"); return; } byte[] fileContent = File.ReadAllBytes(this.labelUploadData.Text); AesEncryptionInfo encryptionInfo = SymmetricEncryptor.GenerateSymmetricKeyInfo(); byte[] fileCiphertext = SymmetricEncryptor.Encrypt(fileContent, encryptionInfo); IPreService preProxy = CreatePreProxy(); byte[] encSymIv = preProxy.Encrypt(this.keyPair.Public, encryptionInfo.IV); preProxy = CreatePreProxy(); byte[] encSymKey = preProxy.Encrypt(this.keyPair.Public, encryptionInfo.Key); byte[] name = SymmetricEncryptor.Encrypt(Path.GetFileName(this.labelUploadData.Text).GetBytes(), encryptionInfo); DataEntity entity = new DataEntity(); entity.Attributes = CollectAndEncryptAttributes(encryptionInfo); entity.Payload = new FilePayload(name, fileCiphertext); entity.AesInfo = new AesEncryptionInfo(encSymKey, encSymIv); entity.Id = Guid.NewGuid(); entity.Signature = DataSigner.Sign(entity, this.signingKeys); IGatewayService proxy = CreateServiceProxy(); proxy.CreateDataEntities(this.myId, this.rolesUserControlUploadData.SelectedRoles, new[] { entity }); MessageBox.Show("Done uploading"); } catch (Exception ex) { MessageBox.Show("Error: " + ex.Message); Logger.LogError("Error preparing and uploading data to server", ex); } }
private void buttonGenerateKeypairsForUser_Click(object sender, EventArgs e) { try { if (string.IsNullOrEmpty(this.textBoxNewUserId.Text)) { MessageBox.Show("You must enter a username"); return; } this.newUserId = GuidCreator.CreateGuidFromString(this.textBoxNewUserId.Text); if (this.masterKeypair == null) { MessageBox.Show("You must load master key pair first"); return; } string filename = FileDialogs.AskUserForFileNameToSaveIn(); if (!string.IsNullOrEmpty(filename)) { if (!Path.HasExtension(filename)) { filename = filename + ".xml"; } this.signKeyPair = DataSigner.GenerateSignKeyPair(); IPreService proxy = GetPreProxy(); this.userKeypair = proxy.GenerateKeyPair(); proxy = GetPreProxy(); this.delegationToken.ToUser = proxy.GenerateDelegationKey(this.masterKeypair.Private, this.userKeypair.Public); IGatewayService gateWayproxy = GetServiceProxy(); gateWayproxy.RegisterUser(this.myId, this.newUserId, this.delegationToken, this.signKeyPair.PublicOnly); UserKeys uk = new UserKeys(); uk.MasterKeyPublicKey = Convert.ToBase64String(this.masterKeypair.Public); uk.UserPrivateKey = Convert.ToBase64String(this.userKeypair.Private); uk.UserSignKeys = Convert.ToBase64String(this.signKeyPair.PublicAndPrivate); XmlFile.WriteFile(uk, filename); MessageBox.Show("Done"); } } catch (Exception ex) { MessageBox.Show("Error: " + ex.Message); Logger.LogError("Error generating user keypair", ex); } }
public void CreateDataEntities(Guid userId, IList <Guid> roleIds, IList <DataEntity> dataEntities) { if (dataEntities == null) { throw new ArgumentNullException("dataEntities"); } if (userId == Guid.Empty) { throw new ArgumentException("userId"); } AssertSystemIsInitialized(); User user = GetAssertUser(userId); IList <Role> checkedRoles = new List <Role>(); foreach (Guid roleId in roleIds) { Role r = GetAssertRole(roleId); AssertUserHasRoleOrAncestorOfRole(user, roleId); if (r.DataEntityPermission == DataEntityPermission.ReadContent) { throw new InvalidOperationException("You cannot create data using one of the specified roles"); } checkedRoles.Add(r); } AssertRolesHasSameRoot(checkedRoles); foreach (DataEntity dataEntity in dataEntities) { CheckDataEntity(dataEntity); if (!DataSigner.IsSignatureValid(dataEntity, dataEntity.Signature, user.SignPublicKey)) { throw new InvalidOperationException("A data signature is not valid"); } } foreach (DataEntity entity in dataEntities) { this.storage.CreateDataEntity(userId, entity); } foreach (Role role in checkedRoles) { AddDataEntitiesToRoleAndAllParentsRoles(this.storage.GetDataOwnerRole(), role, dataEntities); } }
private void buttonUploadNow_Click(object sender, EventArgs e) { try { if (this.listBoxUploadKeywords.Items.Count == 0) { MessageBox.Show("At least one keyword must be associated with the data before it is uploaded"); return; } if (!this.userkeysLoaded) { MessageBox.Show("You must load user keys first"); return; } byte[] fileContent = File.ReadAllBytes(this.labelUploadData.Text); AesEncryptionInfo encryptionInfo = SymmetricEncryptor.GenerateSymmetricKeyInfo(); byte[] fileCiphertext = SymmetricEncryptor.Encrypt(fileContent, encryptionInfo); IPreService preProxy = CreatePreProxy(); byte[] encSymIv = preProxy.Encrypt(this.masterPublicKey, encryptionInfo.IV); preProxy = CreatePreProxy(); byte[] encSymKey = preProxy.Encrypt(this.masterPublicKey, encryptionInfo.Key); byte[] name = SymmetricEncryptor.Encrypt(Path.GetFileName(this.labelUploadData.Text).GetBytes(), encryptionInfo); DataEntity entity = new DataEntity(); entity.Attributes = CollectAndEncryptAttributes(encryptionInfo); entity.Payload = new FilePayload(name, fileCiphertext); entity.AesInfo = new AesEncryptionInfo(encSymKey, encSymIv); entity.Id = Guid.NewGuid(); // perhaps base guid on the file path?? entity.Signature = DataSigner.Sign(entity, this.userSignKeys); IGatewayService proxy = CreateServiceProxy(); proxy.InsertData(GetUserIdentity(), entity); MessageBox.Show("Done uploading"); } catch (Exception ex) { MessageBox.Show("Error: " + ex.Message); Logger.LogError("Error preparing and uploading data to server", ex); } }
public bool VerifyIntegrity(Guid userId, Guid dataEntityId) { GetDelegationKey(userId); // to check that the user is still valid and has not been revoked DataEntity dataEntity = this.dataEntityStorage.FindDataEntityMetadataFromId(dataEntityId); if (dataEntity == null) { throw new InvalidOperationException("Data entity with specified id was not found"); } Guid authorId = this.dataEntityStorage.FindAuthorOfDataEntity(dataEntityId); byte[] signPublicKey = this.tokenStorage.FindSignPublicKey(authorId); dataEntity.Payload.Content = this.dataEntityStorage.FindDataEntityPayloadFromId(dataEntityId); return(DataSigner.IsSignatureValid(dataEntity, dataEntity.Signature, signPublicKey)); }
private void buttonCreateUser_Click(object sender, EventArgs e) { try { if (this.treeViewRoles.SelectedNode == null || !(this.treeViewRoles.SelectedNode.Tag is RoleDescription)) { return; } if (string.IsNullOrEmpty(this.textBoxNewUserName.Text)) { MessageBox.Show("You must enter a username"); return; } Guid newUserId = GuidCreator.CreateGuidFromString(this.textBoxNewUserName.Text); if (this.masterKeypair == null && this.keyPair == null) { MessageBox.Show("You must load your key pair first"); return; } string filename = FileDialogs.AskUserForFileNameToSaveIn(); if (!string.IsNullOrEmpty(filename)) { if (!Path.HasExtension(filename)) { filename = filename + ".xml"; } SignKeys userSignKeyPair = DataSigner.GenerateSignKeyPair(); IPreService proxy; KeyPair userKeypair; DelegationToken userDelegationToken; if (this.masterKeypair != null) { proxy = GetPreProxy(); userKeypair = proxy.GenerateKeyPair(); userDelegationToken = new DelegationToken(); proxy = GetPreProxy(); userDelegationToken.ToUser = proxy.GenerateDelegationKey(this.masterKeypair.Private, userKeypair.Public); } else { userKeypair = this.keyPair; // I am not a DO, so when creating a new user then reuse my key userDelegationToken = null; // I do not know my own delegation key. The server will put it in for me. } proxy = GetPreProxy(); byte[] username = proxy.Encrypt(this.keyPair.Public, this.textBoxNewUserName.Text.GetBytes()); User user = new User(); user.DelegationToken = userDelegationToken; user.Id = newUserId; user.Name = username; user.SignPublicKey = userSignKeyPair.PublicOnly; RoleDescription role = (RoleDescription)this.treeViewRoles.SelectedNode.Tag; IGatewayService gateWayproxy = GetServiceProxy(); gateWayproxy.CreateUser(this.myId, role.Id, user); KeyCollection uk = new KeyCollection(); uk.PublicKey = Convert.ToBase64String(this.keyPair.Public); // use original DO public key uk.PrivateKey = Convert.ToBase64String(userKeypair.Private); uk.SignKeys = Convert.ToBase64String(userSignKeyPair.PublicAndPrivate); XmlFile.WriteFile(uk, filename); buttonRefreshRolesAndUsers_Click(this, EventArgs.Empty); } } catch (Exception ex) { MessageBox.Show("Error: " + ex.Message); Logger.LogError("Error generating user keypair", ex); } }