/// <summary>
/// Creates an offline escrow entry for the master keys in the profile.
/// </summary>
/// <param name="Profile">The profile to create offline escrow entries for.</param>
/// <param name="Shares">The total number of key shares to be created.</param>
/// <param name="Quorum">The number of key shares required to recover the keys.</param>
/// <returns></returns>
public OfflineEscrowEntry(PersonalProfile Profile, int Shares, int Quorum) {
var Master = Profile.PersonalMasterProfile;
var EscrowedKeySet = new EscrowedKeySet();
EscrowedKeySet.PrivateKeys = new List<Key>();
EscrowedKeySet.PrivateKeys.Add(GetEscrow(
Profile.PersonalMasterProfile.MasterSignatureKey.UDF));
foreach (var Escrow in Profile.PersonalMasterProfile.MasterEscrowKeys) {
EscrowedKeySet.PrivateKeys.Add(GetEscrow (Escrow.UDF));
}
var Encryptor = CryptoCatalog.Default.GetEncryption(
CryptoAlgorithmID.AES128CBC);
var Secret = new Secret(Encryptor.Size);
_KeyShares = Secret.Split(Shares, Quorum);
//Trace.WriteHex("MasterKey", Secret.Key);
//foreach (var share in _KeyShares) {
// Trace.WriteHex("Share", share.Key);
// }
Encryptor.Key = Secret.Key;
EncryptedData = new JoseWebEncryption (EscrowedKeySet.GetBytes(), Encryptor);
Identifier = UDF.ToString (UDF.FromEscrowed(Secret.Key, 150));
}
/// <summary>
/// Create a new profile for [email protected]
/// </summary>
void CreateProfile() {
// Create device profile
SignedDeviceProfile1 = new SignedDeviceProfile(Device1, Device1Description);
// Create master profile
PersonalProfile = new PersonalProfile(SignedDeviceProfile1);
SignedPersonalProfile = PersonalProfile.Signed;
}
public void TestLiveMail () {
// Create test Mesh
File.Delete(Store);
File.Delete(Portal);
Mesh = new Mesh(Service, Store, Portal);
// Create Master Profile
Mesh.CheckAccount(AccountID);
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var SignedProfile = UserProfile.Signed;
Mesh.CreateAccount(UserName, SignedProfile);
Mesh.GetAccount(UserName);
// Read the LiveMail accounts
var MailClientCatalog = new MailClientCatalogPlatform();
MailClientCatalog.ImportWindowsLiveMail();
MailClientCatalog.Dump();
var MailAccount = MailClientCatalog.Accounts[0];
// Add self signed certs if they don't have them already
MailAccount.GenerateSMIME();
// Write out the updated profile
MailAccount.Update();
//// Create Mail Profile
//var MailProfile = new MailProfile(UserProfile, MailAccount);
// Create Test Account from Mail Profile
var NewMailInfo = new MailAccountInfoWLM();
//MailProfile.Export(NewMailInfo);
NewMailInfo.AccountName = "Test-Delete";
// Write it out
NewMailInfo.Create();
}
/// <summary>
/// Deserialize a tagged stream
/// </summary>
/// <param name="JSONReader">The input stream</param>
/// <returns>The created object.</returns>
public static new Entry FromTagged (JSONReader JSONReader) {
Entry Out = null;
JSONReader.StartObject ();
if (JSONReader.EOR) {
return null;
}
string token = JSONReader.ReadToken ();
switch (token) {
case "Entry" : {
var Result = new Entry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedProfile" : {
var Result = new SignedProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedDeviceProfile" : {
var Result = new SignedDeviceProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedMasterProfile" : {
var Result = new SignedMasterProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedPersonalProfile" : {
var Result = new SignedPersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedApplicationProfile" : {
var Result = new SignedApplicationProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedConnectionRequest" : {
var Result = new SignedConnectionRequest ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedConnectionResult" : {
var Result = new SignedConnectionResult ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "Profile" : {
Out = null;
throw new Exception ("Can't create abstract type");
}
case "DeviceProfile" : {
var Result = new DeviceProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "MasterProfile" : {
var Result = new MasterProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "PersonalProfile" : {
var Result = new PersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfile" : {
var Result = new ApplicationProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EncryptedProfile" : {
var Result = new EncryptedProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfilePrivate" : {
var Result = new ApplicationProfilePrivate ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EscrowEntry" : {
var Result = new EscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "OfflineEscrowEntry" : {
var Result = new OfflineEscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "OnlineEscrowEntry" : {
var Result = new OnlineEscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
default : {
//Ignore the unknown data
//throw new Exception ("Not supported");
break;
}
}
JSONReader.EndObject ();
return Out;
}
/// <summary>
/// Generate a new profile with the requested options. Note that this could be
/// parallelized very easily by performing time consuming operations (e.g. generating
/// keys) while the user is answering other questions.
/// </summary>
public void GenerateProfile() {
UserProfile = new PersonalProfile(ThisDevice);
UDF = UserProfile.PersonalMasterProfile.MasterSignatureKey.UDF;
if (ConfigurePassword) {
var PasswordProfile = new PasswordProfile(UserProfile);
PasswordProfile.AddDevice(ThisDevice);
MeshClient.Publish(PasswordProfile.Signed);
}
if (ConfigureNetwork) {
var NetworkProfile = new NetworkProfile(UserProfile);
NetworkProfile.AddDevice(ThisDevice);
MeshClient.Publish(NetworkProfile.Signed);
}
if (ConfigureEmail) {
foreach (var MailAccountInfo in MailAccountInfos) {
// Add in the S/MIME parameters and update the profile
//if (!MailAccountInfo.GotSMIME) {
MailAccountInfo.GenerateSMIME();
MailAccountInfo.Update();
//}
var MailProfile = new MailProfile(UserProfile, MailAccountInfo);
MailProfile.AddDevice(ThisDevice);
//var SignedMailProfile = new SignedApplicationProfile(MailProfile);
MeshClient.Publish(MailProfile.Signed);
}
}
if (ConfigureRecovery) {
MakeCheckRecovery();
}
// publish to the cloud
var SignedProfile = new SignedPersonalProfile(UserProfile);
SignedProfile.ToRegistry();
MeshClient.CreatePersonalProfile(AccountID, SignedProfile);
}
public void InstallMail (PersonalProfile PersonalProfile, string ID) {
var SMP = MeshClient.GetApplicationProfile(ID);
var MailProfile = SMP.Signed as MailProfile;
MailProfile.Link(PersonalProfile);
MailProfile.Private.AccountName = "Mesh-" + MailProfile.Private.AccountName;
var AccountInfo = new MailAccountInfoWLM();
MailProfile.Export(AccountInfo);
AccountInfo.Create();
}
/// <summary>
/// Unpack the SignedData structure and verify that the components
/// are all valid.
/// <para>The Personal Master is signed with the PMSK.</para>
/// <para>The Administration profile is signed with the POSK.</para>
/// <para>The Personal profile is signed with a valid admin key.</para>
/// <para>Each signing key matches the specified UDF.</para>
/// </summary>
/// <returns></returns>
PersonalProfile UnpackAndVerify() {
var Text = Encoding.UTF8.GetString(SignedData.Payload);
//Goedel.Debug.Trace.WriteLine("Data as signed {0}", Text);
var Unpacked = PersonalProfile.FromTagged (Text);
Unpacked.Unpack();
CheckSignedPOSK(Unpacked);
//CheckSignedAdmin(Unpacked);
// Check the signature on the profile
_Signed = Unpacked;
return Unpacked;
}
/// <summary>
/// Convenience function that converts a generic Signed Profile returned
/// by the Mesh to a PasswordProfile.
/// </summary>
/// <param name="SignedProfile">A signed password profile.</param>
/// <param name="PersonalProfile">The personal profile to link the Password Profile to.</param>
/// <returns>Inner PasswordProfile if the Signed Profile contains one,
/// otherwise null.</returns>
public static PasswordProfile Get(SignedProfile SignedProfile,
PersonalProfile PersonalProfile) {
var Result = SignedProfile.Inner as PasswordProfile;
if (Result == null) {
throw new Throw("Not a password profile.");
}
Result.Link(PersonalProfile);
return (Result);
}
private void GetProfile(String Portal, String UDF) {
RegistrationPersonal = Machine.Personal;
Utils.Assert(RegistrationPersonal, "No profile found");
PortalID = RegistrationPersonal?.Portals?[0];
Utils.Assert(PortalID, "No portal ID known");
SignedPersonalProfile = RegistrationPersonal.Profile;
PersonalProfile = SignedPersonalProfile.Signed;
PersonalProfile.SignedDeviceProfile = GetDevice(SignedPersonalProfile);
}
public void CheckInValidBadProfileSignature(Mesh Mesh) {
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var PasswordProfile = new PasswordProfile(UserProfile);
//PasswordProfile.AddDevice(DevProfile);
var SignedProfile = new SignedPersonalProfile(UserProfile);
Mesh.AddProfile(SignedProfile);
var SignedProfile2 = Mesh.GetSignedPersonalProfile(UserName);
Trace.Spoil(SignedProfile2.SignedData.Signature, SignedProfile2.SignedData.Signature);
var FoundError = CheckProfileFails(SignedProfile2, typeof(System.Exception));
Debug.Trace.Assert("Missed error", FoundError);
}
///// <summary>
///// Construct a MailProfile from the specified account information.
///// </summary>
///// <param name="UserProfile">The personal profile to attach this profile to.</param>
///// <param name="MailAccountInfo">Description of the mail account.</param>
//public MailProfile(PersonalProfile UserProfile, MailAccountInfo MailAccountInfo)
// : base(UserProfile, "MailProfile", MailAccountInfo.AccountName) {
// _Private = new MailProfilePrivate(MailAccountInfo);
// }
///// <summary>
///// Construct an empty MailProfile for the specified account.
///// </summary>
///// <param name="UserProfile">The Personal Profile to link the MailProfile to.</param>
///// <param name="Account">The mail account name.</param>
//public MailProfile(PersonalProfile UserProfile, string Account)
// : base(UserProfile, "MailProfile", Account) {
// //_Private = new MailProfilePrivate(Account);
// }
/// <summary>
/// Get the default mail profile from the specified personal profile.
/// </summary>
/// <param name="UserProfile">The user profile</param>
/// <returns>The default mail profile.</returns>
public static MailProfile Get(PersonalProfile UserProfile) {
//return UserProfile.GetApplication(typeof(MailProfile)) as MailProfile;
return null;
}
public bool Calculate() {
if (NewDeviceProfile) {
var NewProfile = new SignedDeviceProfile(DeviceName, DeviceDescription);
_DeviceProfile = NewProfile;
}
else {
_DeviceProfile = ProfileManager.RegistrationMachine.Device.Device;
}
_PersonalProfile = new PersonalProfile(_DeviceProfile);
// Have got the profile, escrow the key
if (EscrowKeys) {
var OfflineEscrowEntry = new
OfflineEscrowEntry(_PersonalProfile, EscrowShares, EscrowQuorum);
EscrowKeyShares = new List<Goedel.Trojan.Object>();
int Index = 1;
foreach (var KeyShare in OfflineEscrowEntry.KeyShares) {
var Share = new Share();
Share.Number.Value = Index++;
Share.Value.Value = KeyShare.Text;
EscrowKeyShares.Add(Share);
}
}
if (WebApplicationProfile) {
PasswordProfile = new PasswordProfile(PersonalProfile);
PasswordProfile.AddDevice(_DeviceProfile);
}
// Mail profiles here
/*
foreach (var MailAccountInfo in MailAccountInfos) {
// Add in the S/MIME parameters and update the profile
//if (!MailAccountInfo.GotSMIME) {
MailAccountInfo.GenerateSMIME();
MailAccountInfo.Update();
//}
var MailProfile = new MailProfile(UserProfile, MailAccountInfo);
MailProfile.AddDevice(ThisDevice);
//var SignedMailProfile = new SignedApplicationProfile(MailProfile);
MeshClient.Publish(MailProfile.Signed);
}
* */
// Network profiles here
/*
var NetworkProfile = new NetworkProfile(UserProfile);
NetworkProfile.AddDevice(ThisDevice);
MeshClient.Publish(NetworkProfile.Signed);
*/
// SSH profiles here
SignedPasswordProfile = PasswordProfile.Signed;
_SignedPersonalProfile = new SignedPersonalProfile(PersonalProfile);
return true;
}
/// <summary>
/// Construct an instance from the specified tagged JSONReader stream.
/// </summary>
/// <param name="JSONReader">Input stream</param>
/// <param name="Out">The created object</param>
public static void Deserialize(JSONReader JSONReader, out JSONObject Out) {
JSONReader.StartObject ();
if (JSONReader.EOR) {
Out = null;
return;
}
string token = JSONReader.ReadToken ();
Out = null;
switch (token) {
case "PublicKey" : {
var Result = new PublicKey ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedData" : {
var Result = new SignedData ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EncryptedData" : {
var Result = new EncryptedData ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "Connection" : {
var Result = new Connection ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "Entry" : {
var Result = new Entry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedProfile" : {
var Result = new SignedProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "Profile" : {
Out = null;
throw new Exception ("Can't create abstract type");
}
case "SignedDeviceProfile" : {
var Result = new SignedDeviceProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "DeviceProfile" : {
var Result = new DeviceProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "DevicePrivateProfile" : {
var Result = new DevicePrivateProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedMasterProfile" : {
var Result = new SignedMasterProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "MasterProfile" : {
var Result = new MasterProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedPersonalProfile" : {
var Result = new SignedPersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "PersonalProfile" : {
var Result = new PersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedApplicationProfile" : {
var Result = new SignedApplicationProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EncryptedProfile" : {
var Result = new EncryptedProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfile" : {
var Result = new ApplicationProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfilePrivate" : {
var Result = new ApplicationProfilePrivate ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfileEntry" : {
var Result = new ApplicationProfileEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EscrowEntry" : {
var Result = new EscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "OfflineEscrowEntry" : {
var Result = new OfflineEscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "OnlineEscrowEntry" : {
var Result = new OnlineEscrowEntry ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "EscrowedKeySet" : {
var Result = new EscrowedKeySet ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ConnectionRequest" : {
var Result = new ConnectionRequest ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedConnectionRequest" : {
var Result = new SignedConnectionRequest ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ConnectionResult" : {
var Result = new ConnectionResult ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "SignedConnectionResult" : {
var Result = new SignedConnectionResult ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
default : {
throw new Exception ("Not supported");
}
}
JSONReader.EndObject ();
}
/// <summary>
/// Deserialize a tagged stream
/// </summary>
/// <param name="JSONReader">The input stream</param>
/// <returns>The created object.</returns>
public static new PersonalProfile FromTagged (JSONReader JSONReader) {
PersonalProfile Out = null;
JSONReader.StartObject ();
if (JSONReader.EOR) {
return null;
}
string token = JSONReader.ReadToken ();
switch (token) {
case "PersonalProfile" : {
var Result = new PersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
default : {
//Ignore the unknown data
//throw new Exception ("Not supported");
break;
}
}
JSONReader.EndObject ();
return Out;
}
/// <summary>
/// Deserialize a tagged stream
/// </summary>
/// <param name="JSONReader">The input stream</param>
/// <returns>The created object.</returns>
public static new Profile FromTagged (JSONReader JSONReader) {
Profile Out = null;
JSONReader.StartObject ();
if (JSONReader.EOR) {
return null;
}
string token = JSONReader.ReadToken ();
switch (token) {
case "Profile" : {
Out = null;
throw new Exception ("Can't create abstract type");
}
case "DeviceProfile" : {
var Result = new DeviceProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "MasterProfile" : {
var Result = new MasterProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "PersonalProfile" : {
var Result = new PersonalProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
case "ApplicationProfile" : {
var Result = new ApplicationProfile ();
Result.Deserialize (JSONReader);
Out = Result;
break;
}
default : {
//Ignore the unknown data
//throw new Exception ("Not supported");
break;
}
}
JSONReader.EndObject ();
return Out;
}
public void MeshStorem() {
File.Delete(Store);
File.Delete(Portal);
Mesh = new Mesh(Service, Store, Portal);
Mesh.CheckAccount(AccountID);
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var SignedProfile = UserProfile.Signed;
Mesh.CreateAccount(UserName, SignedProfile);
Mesh.GetAccount(UserName);
var PasswordProfile = new PasswordProfile(true);
var SignedPasswordProfile = PasswordProfile.Signed;
SignedProfile = UserProfile.Signed;
Mesh.AddProfile(SignedPasswordProfile);
Mesh.UpdateProfile(SignedProfile);
}
public void MeshStore () {
File.Delete(Store);
File.Delete(Portal);
Mesh = new Mesh(Service, Store, Portal);
Mesh.CheckAccount(AccountID);
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var SignedProfile = UserProfile.Signed;
Mesh.CreateAccount(AccountID, SignedProfile);
// Add the device to the profile entry in the parent.
var PasswordProfile = new PasswordProfile(true);
var SignedPasswordProfile = PasswordProfile.Signed;
SignedProfile = UserProfile.Signed;
Mesh.AddProfile(SignedPasswordProfile);
Mesh.UpdateProfile(SignedProfile);
// ok now pull the profile as a client.
var Account = Mesh.GetAccount(AccountID);
var AccountPersonalProfile = Mesh.GetPersonalProfile(Account.UserProfileUDF);
AccountPersonalProfile.SignedDeviceProfile = DevProfile;
var PasswordEntry = AccountPersonalProfile.GetPasswordProfile();
var SignedPasswordProfile2 =
Mesh.GetProfile(PasswordEntry.Identifier) as SignedProfile;
var AccountPasswordProfile = PasswordProfile.Get(
SignedPasswordProfile2, AccountPersonalProfile);
AccountPasswordProfile.Add(PWDSite, PWDUser, PWDPassword);
// Implement the second way to do things, cleaner.
//var AccountSignedPassword = new SignedPasswordProfile(AccountPasswordProfile);
var AccountSignedPassword = AccountPasswordProfile.Signed;
Mesh.UpdateProfile(AccountSignedPassword);
// Now add a new device
var DevProfile2 = new SignedDeviceProfile(Device2, Device2Description);
// Post Connect Request
Mesh.GetChainToken();
var ConnectionRequest = new ConnectionRequest(Account, DevProfile2);
Mesh.PostConnectionRequest(ConnectionRequest.Signed,
Account.UniqueID);
// Get list of pending requests
Mesh.GetPendingRequests(Account.AccountID);
// Accept pending request
var ConnectionResult = new ConnectionResult();
ConnectionResult.Result = "Accept";
ConnectionResult.Device = DevProfile2;
var SignedConnectionResult = new SignedConnectionResult(ConnectionResult,
AccountPersonalProfile.GetAdministrationKey());
Mesh.CloseConnectionRequest(Account.AccountID, SignedConnectionResult);
// Pull password data
Mesh.GetRequestStatus(Account.AccountID, DevProfile2.UDF);
// decrypt using device2 credential
var SignedPasswordProfile3 =
Mesh.GetProfile(PasswordEntry.Identifier) as SignedProfile;
var PP3 = PasswordProfile.Get(SignedPasswordProfile3, AccountPersonalProfile);
var PasswordPrivate = PP3.Private;
}
public void CheckValid () {
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var PasswordProfile = new PasswordProfile(UserProfile);
var SignedProfile = new SignedPersonalProfile(UserProfile);
//PasswordProfile.AddDevice(DevProfile);
Mesh.AddProfile(SignedProfile);
var UserProfile2 = Mesh.GetPersonalProfile(UserName);
}
/// <summary>
/// Create a new personal profile
/// </summary>
/// <param name="Options">Command line parameters</param>
public override void Personal(Personal Options) {
SetReporting(Options.Report, Options.Verbose);
var Address = Options.Portal.Value;
Utils.Assert((Address != null & Address != ""), "Must specify account");
// See if the portal exists and will accept the specified account name.
GetMeshClient(Address);
var AccountAvailable = MeshClient.Validate(AccountID);
if (!AccountAvailable.Valid) {
if (Options.Next.Value) {
GetNextAccount();
}
else {
Utils.Error("Portal refused account {0} because {1}",
Address, AccountAvailable.Reason);
}
}
// Get / create the device profile if required
RegistrationDevice RegistrationDevice = null;
bool Generate = false;
if (Options.DeviceNew.Value) {
Generate = true;
}
else if (Options.DeviceUDF.Value != null) {
// use the profile with the specified fingerprint
var Found = Machine.GetUDF(Options.DeviceUDF.Value, out RegistrationDevice);
Utils.Assert(Found, "Could not find profile " + Options.DeviceUDF.Value);
}
else if (Options.DeviceID.Value != null) {
// use the profile with the specified ID
var Found = Machine.GetID(Options.DeviceID.Value, out RegistrationDevice);
Utils.Assert(Found, "Could not find profile " + Options.DeviceID.Value);
}
else if (Machine.Device != null) {
RegistrationDevice = Machine.Device;
}
else {
Generate = true;
}
// Generate a new device profile
if (Generate) {
var DeviceID = Utils.Default(Options.DeviceID.Value, "Default");
var DeviceDescription = Utils.Default(Options.DeviceDescription.Value, "Unknown");
var NewProfileDevice = new SignedDeviceProfile(DeviceID, DeviceDescription);
RegistrationDevice = Machine.Add(NewProfileDevice);
}
var ProfileDevice = RegistrationDevice.Device;
var PersonalProfile = new PersonalProfile(ProfileDevice);
var SignedPersonalProfile = PersonalProfile.Signed;
// add to the machine registry
Machine.Add(SignedPersonalProfile, PortalID);
// Register with the Mesh portal
var PublishResult = MeshClient.Publish(SignedPersonalProfile);
Utils.Assert(PublishResult.Status.StatusSuccess(), "Portal refused profile publication request");
Report("Created new personal profile {0}", SignedPersonalProfile.UDF);
Report("Device profile is {0}", ProfileDevice.UDF);
Report("Profile registered to {0}", PortalID);
}
/// <summary>
/// Connect an application profile read from store to a PersonalProfile object.
/// </summary>
/// <param name="PersonalProfile">Personal profile to link</param>
/// <param name="ApplicationProfileEntry">Profile entry to link to</param>
public void Link(PersonalProfile PersonalProfile,
ApplicationProfileEntry ApplicationProfileEntry) {
this.PersonalProfile = PersonalProfile;
this.ApplicationProfileEntry = ApplicationProfileEntry;
ApplicationProfileEntry.ApplicationProfile = this;
}
/// <summary>
/// Create from a current personal profile.
/// </summary>
/// <param name="Data">The current profile to sign</param>
/// <exception cref="Exception">The administration key could not be found.</exception>
public SignedPersonalProfile(PersonalProfile Data) {
// Locate the administration key for this device.
var AdminKey = Data.GetAdministrationKey();
Throw.If(AdminKey == null, "Device not authorized for administration.");
// Make sure all the data is properly registered
Data.Package();
Identifier = Data.Identifier;
//Goedel.Debug.Trace.WriteLine("Data to be signed {0}", Data.ToString());
SignedData = new JoseWebSignature(Data.GetBytes(), AdminKey);
_Signed = Data;
}
///// <summary>
///// Create a new application profile and add it to the UserProfile.
///// </summary>
///// <param name="PersonalProfile">The personal profile to attach to.</param>
///// <param name="Type">Application type</param>
///// <param name="Tag">Friendly name</param>
//public ApplicationProfile(PersonalProfile PersonalProfile,
// string Type, string Tag) {
// this.PersonalProfile = PersonalProfile;
// Identifier = Goedel.Cryptography.UDF.Random();
// }
/// <summary>
/// Connect an application profile read from store to a PersonalProfile object.
/// </summary>
/// <param name="PersonalProfile">Personal profile to link</param>
public void Link(PersonalProfile PersonalProfile) {
ApplicationProfileEntry = PersonalProfile.GetApplicationEntry(Identifier);
if (ApplicationProfileEntry == null) throw new Throw("Not found");
Link(PersonalProfile, ApplicationProfileEntry);
ApplicationProfileEntry.ApplicationProfile = this;
}
//private void CheckSignedAdmin(PersonalProfile Unpacked) {
// // Get the UDF of the signing key.
// var SignatureKeyUDF = SignedData.ParsedHeader.kid;
// // Get the corresponding device key parameters.
// var SignedDevice = SignedDeviceProfile.FindSignatureKey(Unpacked.Devices, SignatureKeyUDF);
// // Is the device authorized for admin?
// bool Found = false;
// foreach (var Entry in Unpacked.AdministrationProfile.Entries) {
// if (Entry.UDF == SignedDevice.UDF) {
// Found = true;
// }
// }
// Throw.IfNot(Found, "Device not authorized to sign administration profile");
// // Check the signature.
// var SigningKey = SignedDevice.Signed.DeviceSignatureKey.KeyPair;
// var Verify = SignedData.Verify(SignatureKeyUDF, SigningKey);
// Throw.IfNot(Verify, "Profile signature does not verify");
// }
private void CheckSignedPOSK(PersonalProfile Unpacked) {
//// Get the UDF of the signing key.
//var SignatureKeyUDF = Unpacked.SignedAdministrationProfile.SignedData.ParsedHeader.kid;
//PublicKey SigningKey = null;
//foreach (var Key in Unpacked.PersonalMasterProfile.OnlineSignatureKeys) {
// if (Key.UDF == SignatureKeyUDF) {
// Throw.IfNot(Key.Verify(), "Invalid key");
// SigningKey = Key;
// }
// }
//Throw.If(SigningKey == null, "Administration profile not signed");
//// Check the signature.
//var Verify = Unpacked.SignedAdministrationProfile.SignedData.Verify(SignatureKeyUDF, SigningKey.KeyPair);
//Throw.IfNot(Verify, "Profile signature does not verify");
}
///// <summary>
///// Construct an empty network profile for the specified personal profile.
///// </summary>
///// <param name="UserProfile"></param>
//public NetworkProfile (PersonalProfile UserProfile)
// : base(UserProfile, "NetworkProfile", null) {
// _Private = new NetworkProfilePrivate ();
// }
/// <summary>
/// Get the default password profile in the specified personal profile.
/// </summary>
/// <param name="UserProfile">Presonal profile to search.</param>
/// <returns>Password application profile if found, null otherwise.</returns>
public static NetworkProfile Get(PersonalProfile UserProfile) {
//return UserProfile.GetApplication(typeof(PersonalProfile)) as NetworkProfile;
return null;
}
public static void Dump(PersonalProfile Item) {
if (Item == null) return;
Console.WriteLine(Item.ToString ());
}
public void TestRegistry() {
RegistrationMachine.Erase();
var MeshAddress = "Testing@wherever";
var Machine = RegistrationMachine.Current;
var NewProfileDevice = new SignedDeviceProfile("Test", "Test Device");
Machine.Add(NewProfileDevice);
var PersonalProfile = new PersonalProfile(NewProfileDevice);
var SignedPersonalProfile = PersonalProfile.Signed;
Machine.Add(SignedPersonalProfile, MeshAddress);
}
/// <summary>
/// Add a device to an application profile
/// </summary>
/// <param name="Entry">Applicationprofile entry to update</param>
/// <param name="PersonalProfile">Personal profile to link to</param>
/// <param name="Device">Signed device profile.</param>
public void AddDevice(ApplicationProfileEntry Entry,
PersonalProfile PersonalProfile,
SignedDeviceProfile Device) {
// Add an entry into the application profile
// This is not required for profile maintenance but
// is needed for navigation (it seems.
//Entry.ApplicationProfile.AddDevice(Device);
// Add entries into the application profile entry
// This sets up the permissions.
Entry.AddDevice(Device);
var SignedAppProfile = MeshClient.GetApplicationProfile(Entry.Identifier);
if (SignedAppProfile == null) return;
var AppProfile = SignedAppProfile.Signed;
AppProfile.Link(PersonalProfile);
AppProfile.EncryptPrivate();
var NewSignedAppProfile = new SignedApplicationProfile(AppProfile);
MeshClient.Publish(NewSignedAppProfile);
}
public void MeshStoreAPI() {
if (DoLocal) {
File.Delete(Store);
File.Delete(Portal);
MeshPortal.Default = new MeshPortalDirect(Store, Portal);
}
else {
JPCProvider.LocalLoopback = false;
var Portal = new MeshPortalRemote();
MeshPortal.Default = Portal;
}
MeshClient1 = new MeshClient(Service);
var valid = MeshClient1.Validate(AccountID);
if (!valid.Status.StatusSuccess()) {
Console.WriteLine("Validate failed");
}
var DevProfile = new SignedDeviceProfile(Device1, Device1Description);
var UserProfile = new PersonalProfile(DevProfile);
var SignedProfile = UserProfile.Signed;
MeshClient1.CreatePersonalProfile(AccountID, SignedProfile);
// Create a password profile
//var PasswordProfile = new PasswordProfile(UserProfile);
//var SignedPasswordProfile = PasswordProfile.Signed;
//SignedProfile = UserProfile.Signed;
//MeshClient1.Publish(SignedPasswordProfile);
//MeshClient1.Publish(SignedProfile);
MeshClient2 = new MeshClient(Service, AccountID);
MeshClient2.SignedDeviceProfile = DevProfile;
MeshClient2.GetPersonalProfile();
// Read back the password profile and add entry
var AccountPasswordProfile = MeshClient2.GetPasswordProfile();
AccountPasswordProfile.Add(PWDSite, PWDUser, PWDPassword);
var AccountSignedPassword = AccountPasswordProfile.Signed;
// Publish updates to both profiles.
MeshClient2.Publish(AccountSignedPassword);
// Create a new device profile.
var DevProfile2 = new SignedDeviceProfile(Device2, Device2Description);
MeshClient3 = new MeshClient(Service, AccountID);
MeshClient3.ConnectRequest(DevProfile2);
MeshClient2.ConnectStatus(DevProfile2.UniqueID);
var PendingResponse = MeshClient1.ConnectPending();
foreach (var Request in PendingResponse.Pending) {
MeshClient1.ConnectClose(Request, ConnectionStatus.Accepted);
}
MeshClient3.ConnectStatus(DevProfile2.UniqueID);
MeshClient3.GetPasswordProfile();
}
