/// <summary>
/// Decrypt incoming buffer array to a Dictionary.
/// </summary>
/// <param name="pInbuffer">incoming byte arrey to be decrypted</param>
/// <returns></returns>
public Dictionary <string, string> DecryptKV(byte[] pInbuffer)
{
try
{
var fromEncrypt = Decrypt(pInbuffer, MySecrets?.GetAK(), MySecrets?.GetAI());
string dec = CU.CArray2UnicodeString(fromEncrypt, 0, fromEncrypt.Length);
dec = dec.TrimEnd('\0');
var pos = dec.IndexOf('@');
if (pos < 0)
{
return(null);
}
var tPref = dec.Substring(0, pos);
var tP = tPref.Split(':');
if (tP.Length < 2 || CU.CInt(tP[1]) != (dec.Substring(pos + 1)).Length)
{
return(null);
}
return(CU.DeserializeJSONStringToObject <Dictionary <string, string> >(dec.Substring(pos + 1)));
}
catch (Exception)
{
MySYSLOG?.WriteToLog(0, 5015, "ICDECrypto", $"Error during KV decrypt...", eMsgLevel.l1_Error);
return(null);
}
}
public string GetAppCert(bool bDontVerifyTrust = false, string pFromFile = null, bool bVerifyTrustPath = true, bool bDontVerifyIntegrity = false)
{
DontVerifyTrust = bDontVerifyTrust; //Moved here if DontVerifyTrust was set and GetAppCert was called on diffent CodeSigner
VerifyTrustPath = bVerifyTrustPath;
DontVerifyIntegrity = bDontVerifyIntegrity;
if (!string.IsNullOrEmpty(MyAppCertThumb) && string.IsNullOrEmpty(pFromFile))
{
return(MyAppCertThumb);
}
if (pFromFile == null)
{
pFromFile = Assembly.GetExecutingAssembly().Location; // C-DEngine.dll
}
if (pFromFile == null)
{
return(null);
}
//No BaseAssets access and MyServiceHostInfo not set at this point
//string tBaseDir = TheBaseAssets.MyServiceHostInfo.BaseDirectory;
//if (TheBaseAssets.MyServiceHostInfo.cdeHostingType == cdeHostType.IIS) tBaseDir += "bin\\";
//string uDir = tBaseDir;
//if (!string.IsNullOrEmpty(TheBaseAssets.MyServiceHostInfo.ISMMainExecutable))
//{
// uDir += TheBaseAssets.MyServiceHostInfo.ISMMainExecutable;
// if (TheBaseAssets.MyServiceHostInfo.cdeHostingType != cdeHostType.IIS)
// {
// var hostPath = uDir + ".exe";
// if (!File.Exists(hostPath))
// {
// // We may be running under .Net Core with a .dll-based host
// hostPath = uDir + ".dll";
// }
// uDir = hostPath;
// }
//}
//else
// uDir += "C-DEngine.dll";
MySYSLOG?.WriteToLog(eDEBUG_LEVELS.ESSENTIALS, 418, "Diagnostics", $"Reading Cert on ISM {pFromFile} ");
try
{
MyAppHostCert = VerifyPEAndReadSignerCert(pFromFile, VerifyTrustPath, !DontVerifyIntegrity);
}
catch (Exception)
{
MyAppHostCert = null;
}
if (MyAppHostCert == null)
{
MySYSLOG?.WriteToLog(eDEBUG_LEVELS.ESSENTIALS, 418, "Diagnostics", $"Base Application {pFromFile} is not signed - C-DEngine is used", eMsgLevel.l1_Error);
pFromFile = Assembly.GetExecutingAssembly().Location;
try
{
MyAppHostCert = VerifyPEAndReadSignerCert(pFromFile, VerifyTrustPath, !DontVerifyIntegrity);
}
catch (Exception)
{
MyAppHostCert = null;
}
}
if (MyAppHostCert == null)
{
MySYSLOG?.WriteToLog(eDEBUG_LEVELS.ESSENTIALS, 418, "Diagnostics", $"C-DEngine is not signed or signature could not be read", eMsgLevel.l1_Error);
}
MySYSLOG?.WriteToLog(eDEBUG_LEVELS.ESSENTIALS, 418, "Diagnostics", $"App Cert found on ISM {pFromFile} Thumb:{MyAppHostCert?.Thumbprint?.ToLower()}");
return(MyAppCertThumb = MyAppHostCert?.Thumbprint?.ToLower());
}
////////////////////////////////////////////////////////////////////////////////////////////////////
/// <summary> Loads a crypto library for all Security related methods. </summary>
///
/// <remarks> Chris, 3/27/2020. </remarks>
///
/// <param name="pDLLName"> Name of the crypto DLL. </param>
/// <param name="bDontVerifyTrust"></param>
/// <param name="pFromFile"></param>
/// <param name="bVerifyTrustPath"></param>
/// <param name="bDontVerifyIntegrity"></param>
/// <param name="pMySYSLOG"></param>
///
/// <returns> Error string if load failed - then the default security in the CDE is used. Null if succeeded </returns>
////////////////////////////////////////////////////////////////////////////////////////////////////
public static string LoadCrypto(string pDLLName, ICDESystemLog pMySYSLOG = null, bool bDontVerifyTrust = false, string pFromFile = null, bool bVerifyTrustPath = true, bool bDontVerifyIntegrity = false)
{
if (MasterSwitch)
{
return(CryptoLoadMessage = "LoadCrypto is not allowed after the Node has been started");
}
try
{
var inDLLName = pDLLName;
if (string.IsNullOrEmpty(pDLLName))
{
pDLLName = "cdeCryptoLib.dll";
}
Dictionary <string, string> tL = new Dictionary <string, string>();
Assembly tCryptoAssembly = null;
string codeSignThumb;
if (AppDomain.CurrentDomain?.FriendlyName != "RootDomain" && AppDomain.CurrentDomain?.FriendlyName != "MonoTouch") //Android and IOS
{
if (MyCodeSigner == null)
{
MyCodeSigner = new TheDefaultCodeSigning(MySecrets, pMySYSLOG);
}
codeSignThumb = MyCodeSigner.GetAppCert(bDontVerifyTrust, pFromFile, bVerifyTrustPath, bDontVerifyIntegrity);
if (!bDontVerifyTrust && string.IsNullOrEmpty(codeSignThumb))
{
return(CryptoLoadMessage = $"No code-signing certificate found but required");
}
if (!pDLLName.Contains(Path.DirectorySeparatorChar))
{
pDLLName = Path.Combine(AppDomain.CurrentDomain.RelativeSearchPath != null ? AppDomain.CurrentDomain.RelativeSearchPath : AppDomain.CurrentDomain.BaseDirectory, pDLLName);
}
AppDomain.CurrentDomain.ReflectionOnlyAssemblyResolve += new ResolveEventHandler(CurrentDomain_ReflectionOnlyAssemblyResolve);
var pLoader = new CryptoReferenceLoader();
tL = pLoader.ScanLibrary(pDLLName, out TSM tTSM, out tCryptoAssembly);
if (tTSM != null)
{
TheSystemMessageLog.ToCo($"Domain:{AppDomain.CurrentDomain?.FriendlyName} DLL:{pFromFile} Cert Found:{codeSignThumb} {tTSM.TXT} {tTSM.PLS}");
}
}
else
{
var types = AppDomain.CurrentDomain.GetAssemblies();
tCryptoAssembly = types.FirstOrDefault(g => g.Location.Contains(pDLLName));
if (tCryptoAssembly != null)
{
var CDEPlugins = from t in tCryptoAssembly.GetTypes()
let ifs = t.GetInterfaces()
where ifs != null && ifs.Length > 0 && (ifs.Any(s => _KnownInterfaces.Contains(s.Name)))
select new { Type = t, t.Namespace, t.Name, t.FullName };
foreach (var Plugin in CDEPlugins)
{
if (!(Plugin?.Type?.IsAbstract == true))
{
var ints = Plugin.Type.GetInterfaces();
foreach (var tI in ints)
{
if (_KnownInterfaces.Contains(tI.Name))
{
tL[tI.Name] = Plugin.FullName;
}
}
}
}
}
}
if ((bDontVerifyTrust || MyCodeSigner?.IsTrusted(pDLLName) == true) && tL?.Count > 0)
{
if (tCryptoAssembly == null)
{
tCryptoAssembly = Assembly.LoadFrom(pDLLName);
}
if (tL.ContainsKey("ICDESecrets"))
{
var tSecType = tCryptoAssembly.GetTypes().First(s => s.FullName == tL["ICDESecrets"]);
MySecrets = Activator.CreateInstance(tSecType) as ICDESecrets;
}
else
{
MySecrets = new TheDefaultSecrets();
}
foreach (string tInter in _KnownInterfaces)
{
if (tL?.ContainsKey(tInter) == true)
{
var tNType = tCryptoAssembly.GetTypes().First(s => s.FullName == tL[tInter]);
try
{
switch (tInter)
{
case "ICDEScopeManager": MyScopeManager = Activator.CreateInstance(tNType, new object[] { MySecrets, pMySYSLOG }) as ICDEScopeManager; break;
case "ICDECodeSigning": MyCodeSigner = Activator.CreateInstance(tNType, new object[] { MySecrets, pMySYSLOG }) as ICDECodeSigning; break;
case "ICDEActivation": MyActivationManager = Activator.CreateInstance(tNType, new object[] { MySecrets, pMySYSLOG }) as ICDEActivation; break;
case "ICDECrypto": MyCrypto = Activator.CreateInstance(tNType, new object[] { MySecrets, pMySYSLOG }) as ICDECrypto; break;
}
}
catch (Exception e)
{
pMySYSLOG?.WriteToLog(0, 1, "LoadCrypto", $"Failed to create implementation of {tInter}. Most likely constructor not implemented correctly (must take ICDESecrets as first parameter): {e}", eMsgLevel.l1_Error);
}
}
}
}
else
{
return(CryptoLoadMessage = $"The {pDLLName} is not trusted");
}
}
catch (Exception e)
{
return(CryptoLoadMessage = $"Errors During Load: {e}");
}
return(null);
}