/// <summary>
/// Submits <paramref name="request"/> with its body encrypted under the client's stored
/// symmetric key and the device certificate attached as an encrypted <c>device_cert</c> header.
/// The symmetric key is kept as a ServiceDP-protected blob (<c>encryption_key</c>) together with
/// its entropy (<c>entropy</c>) and is unwrapped here for the duration of the call.
/// </summary>
/// <typeparam name="TClass">Type the response is deserialized into.</typeparam>
/// <param name="request">Request to decorate and send; headers and the body parameter are added in place.</param>
/// <param name="body">Plain-text XML body. When null or empty no request body is attached.</param>
/// <returns>
/// The result of SubmitRequest, or <c>default(TClass)</c> when no device certificate with the
/// stored <c>device_thumbprint</c> exists in the local machine <c>My</c> store. Callers cannot
/// tell that case apart from an empty response, so check the device certificate before relying on a null here.
/// </returns>
public TClass ExecuteSymKeyEncryption<TClass>(RestRequest request, string body) where TClass : new()
{
    request.AddHeader("client", DtoGobalSettings.ClientIdentity.Name);
    request.AddHeader("identifier", DtoGobalSettings.ClientIdentity.Guid);

    // Unwrap the symmetric key: ciphertext and entropy are both stored base64-encoded.
    var settings = new ServiceSetting();
    var entropySetting = settings.GetSetting("entropy");
    var keySetting = settings.GetSetting("encryption_key");
    var symmetricKey = ServiceDP.DecryptData(
        Convert.FromBase64String(keySetting.Value),
        true,
        Convert.FromBase64String(entropySetting.Value));

    if (!string.IsNullOrEmpty(body))
    {
        var cipherBody = new ServiceSymmetricEncryption().EncryptData(symmetricKey, body);
        request.AddParameter("text/xml", cipherBody, ParameterType.RequestBody);
    }

    var thumbprintSetting = new ServiceSetting().GetSetting("device_thumbprint");
    var deviceCert = ServiceCertificate.GetCertificateFromStore(thumbprintSetting.Value, StoreName.My);
    if (deviceCert == null)
    {
        return default(TClass);
    }

    // The certificate travels as base64(encrypt(base64(DER))) so the server can verify the caller.
    var certBase64 = Convert.ToBase64String(deviceCert.RawData);
    var cipherCert = new ServiceSymmetricEncryption().EncryptData(symmetricKey, certBase64);
    request.AddHeader("device_cert", Convert.ToBase64String(cipherCert));

    return SubmitRequest<TClass>(request, symmetricKey);
}
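/// <summary>
/// Replaces the stored server key used for HMAC request signing. The key is protected with
/// ServiceDP under freshly generated 16-byte entropy; the entropy (<c>server_key_entropy</c>)
/// and the protected key (<c>server_key</c>) are persisted, then <c>ca_thumbprint</c> is set
/// to <paramref name="thumbprint"/>.
/// </summary>
/// <param name="key">
/// New server key as text. It is encoded as ASCII, so any non-ASCII character is replaced
/// with '?' before protection; the server must derive the key bytes the same way.
/// </param>
/// <param name="thumbprint">Thumbprint of the CA certificate to record.</param>
/// <returns>
/// Always <c>true</c>; a failure in the settings store or ServiceDP surfaces as an exception,
/// never as <c>false</c>.
/// </returns>
public bool Reset(string key, string thumbprint)
{
    Logger.Info("Resetting Server Key");

    // Fresh CSPRNG entropy per reset. The generator is disposable; the original left it undisposed.
    var entropy = new byte[16];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(entropy);
    }

    var serverKeyBytes = Encoding.ASCII.GetBytes(key);
    var encryptedKey = ServiceDP.EncryptData(serverKeyBytes, true, entropy);

    var serviceSetting = new ServiceSetting();

    var serverKeyEntropy = serviceSetting.GetSetting("server_key_entropy");
    serverKeyEntropy.Value = Convert.ToBase64String(entropy);
    serviceSetting.UpdateSettingValue(serverKeyEntropy);

    var serverKey = serviceSetting.GetSetting("server_key");
    serverKey.Value = Convert.ToBase64String(encryptedKey);
    serviceSetting.UpdateSettingValue(serverKey);

    var caThumbprint = serviceSetting.GetSetting("ca_thumbprint");
    caThumbprint.Value = thumbprint;
    serviceSetting.UpdateSettingValue(caThumbprint);

    Logger.Info("Resetting Server Key Finished");
    return true;
}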
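/// <summary>
/// Sends <paramref name="request"/> with <paramref name="body"/> encrypted under the client's
/// stored symmetric key and the device certificate in an encrypted <c>device_cert</c> header,
/// streaming the response body straight into <paramref name="destination"/>.
/// </summary>
/// <param name="request">Request to decorate and send; headers and the body parameter are added in place.</param>
/// <param name="body">Plain-text XML body; required.</param>
/// <param name="destination">
/// Local path the response is written to. The path is used as given; it is the caller's
/// responsibility that it points somewhere this process should be allowed to write.
/// </param>
/// <returns>
/// <c>true</c> when a non-empty file was written; <c>false</c> when no device certificate is
/// found, when the downloaded file is empty, or when any exception occurs (logged).
/// </returns>
/// <exception cref="ArgumentException"><paramref name="body"/> is null or empty.</exception>
public bool DownloadFile(RestRequest request, string body, string destination)
{
    if (string.IsNullOrEmpty(body))
    {
        // The original passed "body" as the message; the parameter name belongs in paramName.
        throw new ArgumentException("body cannot be null or empty", "body");
    }

    request.AddHeader("client", DtoGobalSettings.ClientIdentity.Name);
    request.AddHeader("identifier", DtoGobalSettings.ClientIdentity.Guid);

    // Unwrap the ServiceDP-protected symmetric key; ciphertext and entropy are stored base64-encoded.
    var serviceSetting = new ServiceSetting();
    var entropy = serviceSetting.GetSetting("entropy");
    var encryptedKey = serviceSetting.GetSetting("encryption_key");
    var decryptedKey = ServiceDP.DecryptData(
        Convert.FromBase64String(encryptedKey.Value),
        true,
        Convert.FromBase64String(entropy.Value));

    var encryptedContent = new ServiceSymmetricEncryption().EncryptData(decryptedKey, body);
    request.AddParameter("text/xml", encryptedContent, ParameterType.RequestBody);

    var deviceThumbprint = new ServiceSetting().GetSetting("device_thumbprint");
    var deviceCert = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);
    if (deviceCert == null)
    {
        return false;
    }

    var encryptedCert = new ServiceSymmetricEncryption().EncryptData(decryptedKey, Convert.ToBase64String(deviceCert.RawData));
    request.AddHeader("device_cert", Convert.ToBase64String(encryptedCert));

    try
    {
        _log.Debug(request.Resource);
        using (var stream = File.Create(destination, 4096))
        {
            // The response body is copied into the file as it arrives rather than buffered in memory.
            request.ResponseWriter = responseStream => responseStream.CopyTo(stream);
            _client.DownloadData(request);
            if (stream.Length == 0)
            {
                // Something went wrong, but DownloadData exposes no further detail, so the
                // reason is unknown. Note the empty file is left behind at destination.
                return false;
            }
        }
        return true;
    }
    catch (Exception ex)
    {
        _log.Error("Could Not Save File: " + destination);
        _log.Error(ex.Message);
        return false;
    }
}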
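/// <summary>
/// Submits <paramref name="request"/> with an <c>Authorization: amx ...</c> header carrying an
/// HMAC-SHA256 signature over: computer name, HTTP method, the lower-cased URL-encoded full URL,
/// a Unix timestamp (seconds), a random nonce and the base64 MD5 of the request body (empty
/// string when there is no body). The HMAC key is the ServiceDP-protected <c>server_key</c>
/// setting, unwrapped with <c>server_key_entropy</c>.
/// </summary>
/// <typeparam name="TClass">Type the response is deserialized into.</typeparam>
/// <param name="request">Request to sign and send; the header is added in place.</param>
/// <param name="computerName">Identity included in the signed data and in the header.</param>
/// <returns>The result of SubmitRequest.</returns>
public TClass ExecuteHMAC<TClass>(RestRequest request, string computerName) where TClass : new()
{
    // Calculate UNIX time in seconds. Convert.ToUInt64 rounds rather than truncates, so the
    // stamp can be one second ahead for half of every second; the server's replay window is
    // assumed to tolerate that — TODO confirm.
    var epochStart = new DateTime(1970, 01, 01, 0, 0, 0, 0, DateTimeKind.Utc);
    var timeSpan = DateTime.UtcNow - epochStart;
    var requestTimeStamp = Convert.ToUInt64(timeSpan.TotalSeconds).ToString();

    // Per-request nonce; replay rejection of (nonce, timestamp) has to happen server-side.
    var nonce = Guid.NewGuid().ToString("N");

    // NOTE(review): ToLower() is culture-sensitive. The server's canonicalisation must match
    // byte-for-byte or signatures fail under some cultures; confirm before switching to ToLowerInvariant().
    var url = HttpUtility.UrlEncode(_client.BaseUrl + request.Resource).ToLower();

    var body = request.Parameters.FirstOrDefault(p => p.Type == ParameterType.RequestBody);
    var requestContentBase64String = string.Empty;
    if (body != null)
    {
        // The body is bound to the signature via MD5 of its ASCII bytes, presumably mirroring
        // the server's verification. MD5 is collision-weak, so the body binding is only as
        // strong as MD5; the signature itself is HMAC-SHA256. The hash object is disposable
        // and was previously leaked.
        var content = Encoding.ASCII.GetBytes(body.Value.ToString());
        using (var md5 = MD5.Create())
        {
            var requestContentHash = md5.ComputeHash(content);
            requestContentBase64String = Convert.ToBase64String(requestContentHash);
        }
    }

    // Field order here defines the signed string; it must match the server exactly.
    var signatureRawData = string.Format("{0}{1}{2}{3}{4}{5}",
        computerName, request.Method, url, requestTimeStamp, nonce, requestContentBase64String);

    var serviceSetting = new ServiceSetting();
    var serverKeyEntropy = serviceSetting.GetSetting("server_key_entropy");
    var encryptedServerKey = serviceSetting.GetSetting("server_key");
    var decryptedServerKey = ServiceDP.DecryptData(
        Convert.FromBase64String(encryptedServerKey.Value),
        true,
        Convert.FromBase64String(serverKeyEntropy.Value));

    var signature = Encoding.UTF8.GetBytes(signatureRawData);
    string requestSignatureBase64String;
    using (var hmac = new HMACSHA256(decryptedServerKey))
    {
        var signatureBytes = hmac.ComputeHash(signature);
        requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
    }

    request.AddHeader("Authorization", "amx " + string.Format("{0}:{1}:{2}:{3}",
        computerName, requestSignatureBase64String, nonce, requestTimeStamp));

    return SubmitRequest<TClass>(request);
}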
/// <summary>
/// Generates a new symmetric key, registers it with the provisioning API together with the
/// device certificate, and on success persists it locally (ServiceDP-protected under fresh
/// entropy) and refreshes the com-server list.
/// </summary>
/// <returns>
/// <c>Error</c> when no device certificate is found or the API returns null; the API's own
/// status when it is anything other than <c>Provisioned</c>; otherwise <c>Provisioned</c>.
/// </returns>
private EnumProvisionStatus.Status RenewSymmKey()
{
    var thumbprintSetting = _serviceSetting.GetSetting("device_thumbprint");
    var deviceCert = ServiceCertificate.GetCertificateFromStore(thumbprintSetting.Value, StoreName.My);
    if (deviceCert == null)
    {
        return EnumProvisionStatus.Status.Error;
    }

    // NOTE(review): unlike ProvisionStage2, the new key is sent base64-encoded with no extra
    // wrapping at this layer, so its confidentiality in transit rests on the transport — confirm.
    var newKey = GenerateSymmKey();
    var renewRequest = new DtoRenewKeyRequest
    {
        Name = DtoGobalSettings.ClientIdentity.Name,
        Guid = DtoGobalSettings.ClientIdentity.Guid,
        DeviceCert = Convert.ToBase64String(deviceCert.RawData),
        SymmKey = Convert.ToBase64String(newKey)
    };

    var renewResult = new APICall().ProvisionApi.RenewSymmKey(renewRequest);
    if (renewResult == null)
    {
        return EnumProvisionStatus.Status.Error;
    }
    if (renewResult.ProvisionStatus != EnumProvisionStatus.Status.Provisioned)
    {
        return renewResult.ProvisionStatus;
    }

    UpdateComServers(renewResult.ComServers);

    // Entropy is regenerated and stored first, then the key protected under it.
    var entropyBytes = ServiceDP.CreateRandomEntropy();
    var entropySetting = _serviceSetting.GetSetting("entropy");
    entropySetting.Value = Convert.ToBase64String(entropyBytes);
    _serviceSetting.UpdateSettingValue(entropySetting);

    var protectedKey = ServiceDP.EncryptData(newKey, true, entropyBytes);
    var keySetting = _serviceSetting.GetSetting("encryption_key");
    keySetting.Value = Convert.ToBase64String(protectedKey);
    _serviceSetting.UpdateSettingValue(keySetting);

    return EnumProvisionStatus.Status.Provisioned;
}
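/// <summary>
/// Second provisioning stage: generates a fresh symmetric key, wraps it under the public key of
/// the intermediate certificate recorded by stage 1, sends it with basic hardware inventory to
/// the provisioning API, and on <c>PendingConfirmation</c> installs the returned device
/// certificate and persists the key (ServiceDP-protected) and related settings.
/// </summary>
/// <returns>
/// <c>NotStarted</c> when the stage-1 intermediate certificate is missing; the server's status
/// for Reset, FullReset, PendingReset, PendingProvisionApproval and PendingPreProvision;
/// <c>Error</c> for a null response or any other status; otherwise <c>PendingConfirmation</c>.
/// </returns>
private EnumProvisionStatus.Status ProvisionStage2()
{
    var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
    if (string.IsNullOrEmpty(intermediateThumbprint.Value))
    {
        // Assume stage 1 didn't finish.
        return EnumProvisionStatus.Status.NotStarted;
    }
    var intermediate = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value, StoreName.CertificateAuthority);
    if (intermediate == null)
    {
        return EnumProvisionStatus.Status.NotStarted;
    }

    var key = GenerateSymmKey();
    var provisionRequest = new DtoProvisionRequest();
    provisionRequest.Name = DtoGobalSettings.ClientIdentity.Name;
    provisionRequest.AdGuid = new ServiceAD().GetADGuid(provisionRequest.Name);
    // The symmetric key only leaves the client wrapped under the intermediate's public key.
    provisionRequest.SymmKey = EncryptDataWithIntermediate(intermediate.PublicKey.Key, key);
    provisionRequest.InstallationId = DtoGobalSettings.ClientIdentity.InstallationId;

    PopulateHardwareDetails(provisionRequest);

    var response = new APICall().ProvisionApi.ProvisionClient(provisionRequest);
    if (response == null)
    {
        return EnumProvisionStatus.Status.Error;
    }

    switch (response.ProvisionStatus)
    {
        case EnumProvisionStatus.Status.Reset:
            Logger.Info("Client Reset Approved. Starting Reset Process.");
            return EnumProvisionStatus.Status.Reset;
        case EnumProvisionStatus.Status.FullReset:
            Logger.Info("Client Full Reset Requested. Starting Full Reset Process.");
            return EnumProvisionStatus.Status.FullReset;
        case EnumProvisionStatus.Status.PendingReset:
            Logger.Info("Client Is Pending Reset Approval.");
            return EnumProvisionStatus.Status.PendingReset;
        case EnumProvisionStatus.Status.PendingProvisionApproval:
            Logger.Info("Client Is Pending Provisioning Approval");
            return EnumProvisionStatus.Status.PendingProvisionApproval;
        case EnumProvisionStatus.Status.PendingPreProvision:
            Logger.Info("Client Has Not Been Pre-Provisioned And The Current Security Policy Requires It.");
            return EnumProvisionStatus.Status.PendingPreProvision;
        case EnumProvisionStatus.Status.PendingConfirmation:
            break;
        default:
            return EnumProvisionStatus.Status.Error;
    }

    // The device certificate arrives as base64(encrypt_key(base64(DER))); only a server holding
    // the key we just sent can have produced it.
    var byteCert = Convert.FromBase64String(response.Certificate);
    var base64Cert = new ServiceSymmetricEncryption().Decrypt(key, byteCert);
    var deviceCert = new X509Certificate2(Convert.FromBase64String(base64Cert));

    if (ServiceCertificate.StoreLocalMachine(deviceCert, StoreName.My))
    {
        var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
        deviceThumbprint.Value = deviceCert.Thumbprint;
        _serviceSetting.UpdateSettingValue(deviceThumbprint);

        var computerIdentifier = _serviceSetting.GetSetting("computer_identifier");
        computerIdentifier.Value = response.ComputerIdentifier;
        DtoGobalSettings.ClientIdentity.Guid = response.ComputerIdentifier;
        _serviceSetting.UpdateSettingValue(computerIdentifier);

        var entropy = _serviceSetting.GetSetting("entropy");
        var entropyBytes = ServiceDP.CreateRandomEntropy();
        entropy.Value = Convert.ToBase64String(entropyBytes);
        _serviceSetting.UpdateSettingValue(entropy);

        var encryptedKey = ServiceDP.EncryptData(key, true, entropyBytes);
        var keySetting = _serviceSetting.GetSetting("encryption_key");
        keySetting.Value = Convert.ToBase64String(encryptedKey);
        _serviceSetting.UpdateSettingValue(keySetting);

        var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
        settingProvisionStatus.Value = Convert.ToInt16(response.ProvisionStatus).ToString();
        _serviceSetting.UpdateSettingValue(settingProvisionStatus);
    }
    // NOTE(review): when StoreLocalMachine fails nothing above is persisted, yet PendingConfirmation
    // is still returned, so a later stage will find no device_thumbprint. Returning Error here may
    // be the intended behaviour — confirm with the callers' state machine before changing.
    return EnumProvisionStatus.Status.PendingConfirmation;
}

/// <summary>
/// Fills the hardware fields of <paramref name="request"/> on a best-effort basis. Each field is
/// read independently; a failure to read one is logged at debug level and leaves a zero/empty
/// value rather than aborting provisioning. The inventory search calls themselves are not
/// guarded, matching the original behaviour.
/// </summary>
/// <param name="request">Request whose Memory, Processor, SerialNumber, Model and Macs are populated.</param>
private void PopulateHardwareDetails(DtoProvisionRequest request)
{
    Logger.Debug("Gathering Hardware Details");
    var inventoryCollection = new DtoInventoryCollection();
    new ComputerSystem().Search(inventoryCollection);
    new Bios().Search(inventoryCollection);
    new Processor().Search(inventoryCollection);
    new Nic().Search(inventoryCollection);

    try
    {
        // TotalPhysicalMemory is reported in bytes; the request carries megabytes.
        var totalBytes = Convert.ToInt64(inventoryCollection.ComputerSystem.TotalPhysicalMemory);
        request.Memory = Convert.ToInt32(totalBytes / 1024 / 1024);
    }
    catch (Exception ex)
    {
        Logger.Debug("Could not read total physical memory: " + ex.Message);
        request.Memory = 0;
    }

    try
    {
        request.Processor = inventoryCollection.Processor.Name;
    }
    catch (Exception ex)
    {
        Logger.Debug("Could not read processor name: " + ex.Message);
        request.Processor = string.Empty;
    }

    try
    {
        request.SerialNumber = inventoryCollection.Bios.SerialNumber;
    }
    catch (Exception ex)
    {
        Logger.Debug("Could not read BIOS serial number: " + ex.Message);
        request.SerialNumber = string.Empty;
    }

    try
    {
        request.Model = inventoryCollection.ComputerSystem.Model;
    }
    catch (Exception ex)
    {
        Logger.Debug("Could not read computer model: " + ex.Message);
        request.Model = string.Empty;
    }

    try
    {
        foreach (var nic in inventoryCollection.NetworkAdapters)
        {
            request.Macs.Add(nic.Mac);
        }
    }
    catch (Exception ex)
    {
        // Any MACs added before the failure are kept.
        Logger.Debug("Could not enumerate network adapters: " + ex.Message);
    }
}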