public void Configure(KeyManagementOptions options)
        {
            // Purpose: seed the KeyManagementOptions from a registry policy (when a
            // resolver was injected and a policy resolves), then make sure an
            // encryptor configuration exists and register the encryptor factories.
            //
            // Security note: a resolved registry policy overrides three things a
            // caller may have set on `options` — the new-key lifetime, the
            // authenticated-encryptor configuration and the key-escrow sinks.
            // Whoever controls that registry location therefore controls algorithm
            // choice and where key material is escrowed. The location itself is not
            // visible here (NOTE(review): presumably a machine-wide HKLM key — confirm
            // in the resolver implementation).
            RegistryPolicy policy = ResolveRegistryPolicy();
            if (policy != null)
            {
                ApplyRegistryPolicy(options, policy);
            }

            // Neither the caller nor the registry supplied an encryptor configuration:
            // fall back to the library default.
            if (options.AuthenticatedEncryptorConfiguration == null)
            {
                options.AuthenticatedEncryptorConfiguration = new AuthenticatedEncryptorConfiguration();
            }

            RegisterEncryptorFactories(options);
        }

        // Returns the resolved registry policy, or null when no resolver was
        // injected (resolution is skipped entirely in that case) or the resolver
        // itself returned null.
        private RegistryPolicy ResolveRegistryPolicy()
        {
            if (_registryPolicyResolver == null)
            {
                return null;
            }
            return _registryPolicyResolver.ResolvePolicy();
        }

        // Copies the registry-sourced settings onto the options:
        //  - lifetime is applied only when the policy carries one (value is in days);
        //  - the encryptor configuration is copied unconditionally, so a policy
        //    without one leaves the options with null (Configure substitutes the
        //    library default afterwards);
        //  - escrow sinks are appended to the existing list, never replacing it.
        private static void ApplyRegistryPolicy(KeyManagementOptions options, RegistryPolicy policy)
        {
            if (policy.DefaultKeyLifetime.HasValue)
            {
                options.NewKeyLifetime = TimeSpan.FromDays(policy.DefaultKeyLifetime.Value);
            }

            options.AuthenticatedEncryptorConfiguration = policy.EncryptorConfiguration;

            var sinks = policy.KeyEscrowSinks;
            if (sinks == null)
            {
                return;
            }
            foreach (var sink in sinks)
            {
                options.KeyEscrowSinks.Add(sink);
            }
        }

        // Registers the factories in the original order: CNG-GCM, CNG-CBC, managed,
        // then the generic factory. Keep the order — NOTE(review): consumers may
        // pick the first matching factory; not verifiable from this block.
        private void RegisterEncryptorFactories(KeyManagementOptions options)
        {
            var factories = options.AuthenticatedEncryptorFactories;
            factories.Add(new CngGcmAuthenticatedEncryptorFactory(_loggerFactory));
            factories.Add(new CngCbcAuthenticatedEncryptorFactory(_loggerFactory));
            factories.Add(new ManagedAuthenticatedEncryptorFactory(_loggerFactory));
            factories.Add(new AuthenticatedEncryptorFactory(_loggerFactory));
        }
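        /// <summary>
        /// Writes (<paramref name="enable"/> == true) or removes (== false) the
        /// machine-level registry policy values listed in <paramref name="defaultPolicy"/>
        /// in the registry.pol of the GPO identified by <paramref name="gpoGuid"/>,
        /// creating an empty registry.pol (header only) first if the GPO has none.
        /// </summary>
        /// <param name="gpoGuid">GUID of an existing GPO; its folder is resolved via GetExistingGPOPath.</param>
        /// <param name="enable">true to write the values, false to delete them (best effort: delete failures are logged and ignored).</param>
        /// <param name="defaultPolicy">
        /// Map of <c>relative\key\path\ValueName</c> → DWORD as plain hex digits
        /// (no "0x", no whitespace — AllowHexSpecifier only). The key path is
        /// relative to RegKeyBase ("Software\Policies\Microsoft" per the comments in
        /// this file); the last backslash-separated segment is the value name.
        /// Values are ignored when <paramref name="enable"/> is false.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="defaultPolicy"/> is null.</exception>
        /// <exception cref="ArgumentException">An entry key is empty, starts with a backslash, has no backslash, or has an empty key path or value name.</exception>
        /// <exception cref="FormatException">A value is not plain hexadecimal (enable == true only); OverflowException if it exceeds 32 bits.</exception>
        /// <exception cref="MultipleGroupPolicyObjectsFoundException">The GPO folder could not be created (type kept for compatibility with existing callers; the message carries the Win32 error code).</exception>
        /// <remarks>
        /// Security: every entry becomes an HKLM policy value on every computer the
        /// GPO applies to. Treat <paramref name="defaultPolicy"/> as privileged input.
        /// Entries are guaranteed to stay under RegKeyBase (see SplitPolicyEntry),
        /// but nothing here checks <em>which</em> policies are being set.
        /// </remarks>
        public static void SetSecurityTemplatePolicy(Guid gpoGuid, bool enable, Dictionary <string, string> defaultPolicy)
        {
            // Validate before touching the GPO so a bad argument cannot leave a
            // freshly created, empty registry.pol behind.
            if (defaultPolicy == null)
            {
                throw new ArgumentNullException("defaultPolicy");
            }

            string gpoPath = GetExistingGPOPath(gpoGuid, true);
            string regfile = Path.Combine(gpoPath, "registry.pol");

            if (!File.Exists(regfile))
            {
                CreateEmptyRegistryPolicyFile(gpoPath, regfile);
            }

            using (RegistryPolicy regpol = new RegistryPolicy(Domain.GetCurrentDomain(), gpoGuid, false))
            {
                foreach (KeyValuePair<string, string> entry in defaultPolicy)
                {
                    string key;
                    string name;
                    // sample
                    // key = "Software\\Policies\\Microsoft\\Windows Defender\\Scan";
                    // name = "CheckForSignaturesBeforeRunningScan";
                    SplitPolicyEntry(entry.Key, out key, out name);

                    if (enable)
                    {
                        UInt32 value = UInt32.Parse(entry.Value, System.Globalization.NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
                        regpol.WriteDWordValue(RegistryHive.LocalMachine, key, name, value);
                    }
                    else
                    {
                        Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Delete(HKLM, \"{0}\", \"{1}\")", key, name));
                        try
                        {
                            regpol.Delete(RegistryHive.LocalMachine, key, name);
                        }
                        // Best-effort delete, as in the original. ObjectDisposedException
                        // derives from InvalidOperationException and ArgumentNullException
                        // from ArgumentException, so these two clauses cover exactly the
                        // four types previously caught one by one.
                        catch (InvalidOperationException ex)
                        {
                            Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                        }
                        catch (ArgumentException ex)
                        {
                            Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                        }
                    }
                }

                Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Registry policy file is saved in \"{0}\".", regfile));
                regpol.Save(true);
            }
        }

        // Creates the GPO folder (if missing) and a registry.pol containing only the
        // signature/version header. Throws MultipleGroupPolicyObjectsFoundException on
        // folder-creation failure — the type is kept from the original so existing
        // callers still catch it, even though its name does not describe this failure.
        private static void CreateEmptyRegistryPolicyFile(string gpoPath, string regfile)
        {
            if (!Directory.Exists(gpoPath) && !MakeSureDirectoryPathExists(gpoPath))
            {
                // Read the last error immediately after the failing call (presumably a
                // P/Invoke, since the error is fetched via GetLastWin32Error); anything
                // executed in between could overwrite it.
                int lastError = Marshal.GetLastWin32Error();
                throw new MultipleGroupPolicyObjectsFoundException(String.Format(CultureInfo.InvariantCulture, "registry.pol folder could not create with error code:{0:X}, make sure your AD is in correct status.", lastError));
            }

            // CreateNew (not Create): a registry.pol that appeared between the
            // File.Exists check and this point is never truncated. Dispose flushes
            // and closes both writer and stream.
            using (FileStream stream = new FileStream(regfile, FileMode.CreateNew))
            using (BinaryWriter binwriter = new BinaryWriter(stream))
            {
                binwriter.Write(RegFileSignature);
                binwriter.Write(RegFileVersion);
            }
        }

        // Splits "relative\key\path\ValueName" into the absolute key under RegKeyBase
        // and the value name. The key is built by concatenation rather than
        // Path.Combine: Path.Combine discards the base when its second argument is
        // rooted (an entry starting with '\' would silently escape RegKeyBase), uses
        // the platform separator, and rejects characters that are legal in registry
        // names. Entries with no backslash previously failed with an opaque
        // ArgumentOutOfRangeException from Substring(0, -1).
        private static void SplitPolicyEntry(string policyEntry, out string key, out string name)
        {
            if (String.IsNullOrEmpty(policyEntry))
            {
                throw new ArgumentException("Policy entry key must not be empty.", "policyEntry");
            }
            if (policyEntry[0] == '\\')
            {
                throw new ArgumentException("Policy entry key must be relative to RegKeyBase and not start with '\\': " + policyEntry, "policyEntry");
            }

            int split = policyEntry.LastIndexOf('\\');
            // split == -1: no backslash at all; split == Length-1: empty value name.
            if (split < 0 || split == policyEntry.Length - 1)
            {
                throw new ArgumentException("Policy entry key must be of the form 'sub\\key\\ValueName': " + policyEntry, "policyEntry");
            }

            key = RegKeyBase.TrimEnd('\\') + "\\" + policyEntry.Substring(0, split);
            name = policyEntry.Substring(split + 1);
        }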
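        /// <summary>
        /// Applies (<paramref name="enable"/> == true) or removes (== false) the HKLM
        /// registry policy values in <paramref name="defaultPolicy"/> in the registry.pol
        /// of the GPO <paramref name="gpoGuid"/>. A header-only registry.pol is created
        /// first when the GPO does not have one.
        /// </summary>
        /// <param name="gpoGuid">GUID of an existing GPO; its folder comes from GetExistingGPOPath.</param>
        /// <param name="enable">true writes the values; false deletes them best-effort (delete failures are logged and ignored).</param>
        /// <param name="defaultPolicy">
        /// <c>relative\key\path\ValueName</c> → DWORD written as bare hex digits
        /// (AllowHexSpecifier: no "0x" prefix, no whitespace). The key path is
        /// relative to RegKeyBase ("Software\Policies\Microsoft" according to the
        /// comments in this file); the final backslash-separated segment is the value
        /// name. Values are not read when <paramref name="enable"/> is false.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="defaultPolicy"/> is null.</exception>
        /// <exception cref="ArgumentException">An entry key is empty, starts with '\', contains no '\', or has an empty value name.</exception>
        /// <exception cref="FormatException">A value is not bare hexadecimal (enable == true only); OverflowException above 32 bits.</exception>
        /// <exception cref="MultipleGroupPolicyObjectsFoundException">The GPO folder could not be created. The type is kept from the original for callers; the message carries the Win32 error code.</exception>
        /// <remarks>
        /// Security: each entry ends up as an HKLM policy value on every machine the
        /// GPO is linked to, so <paramref name="defaultPolicy"/> is privileged input.
        /// ResolvePolicyEntry keeps every key under RegKeyBase; it does not judge
        /// which policies are being set.
        /// </remarks>
        public static void SetSecurityTemplatePolicy(Guid gpoGuid, bool enable, Dictionary<string, string> defaultPolicy)
        {
            // Reject a null map before any GPO side effect (the original only failed
            // with a NullReferenceException after possibly creating registry.pol).
            if (defaultPolicy == null)
            {
                throw new ArgumentNullException("defaultPolicy");
            }

            string gpoPath = GetExistingGPOPath(gpoGuid, true);
            string regfile = Path.Combine(gpoPath, "registry.pol");

            if (!File.Exists(regfile))
            {
                EnsureRegistryPolicyFile(gpoPath, regfile);
            }

            using (RegistryPolicy regpol = new RegistryPolicy(Domain.GetCurrentDomain(), gpoGuid, false))
            {
                if (enable)
                {
                    foreach (KeyValuePair<string, string> p in defaultPolicy)
                    {
                        string key, name;
                        // sample
                        // key = "Software\\Policies\\Microsoft\\Windows Defender\\Scan";
                        // name = "CheckForSignaturesBeforeRunningScan";
                        ResolvePolicyEntry(p.Key, out key, out name);
                        UInt32 value = UInt32.Parse(p.Value, System.Globalization.NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
                        regpol.WriteDWordValue(RegistryHive.LocalMachine, key, name, value);
                    }
                }
                else
                {
                    foreach (KeyValuePair<string, string> p in defaultPolicy)
                    {
                        string key, name;
                        ResolvePolicyEntry(p.Key, out key, out name);
                        Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Delete(HKLM, \"{0}\", \"{1}\")", key, name));
                        try
                        {
                            regpol.Delete(RegistryHive.LocalMachine, key, name);
                        }
                        // Same best-effort semantics as before. The two clauses cover the
                        // four types the original caught separately: ObjectDisposedException
                        // is an InvalidOperationException, ArgumentNullException is an
                        // ArgumentException.
                        catch (InvalidOperationException ex)
                        {
                            Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                        }
                        catch (ArgumentException ex)
                        {
                            Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                        }
                    }
                }

                Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Registry policy file is saved in \"{0}\".", regfile));
                regpol.Save(true);
            }
        }

        // Creates the GPO folder if needed and writes a registry.pol holding only the
        // signature and version header. On folder-creation failure it throws
        // MultipleGroupPolicyObjectsFoundException: a misleading name, kept because
        // existing callers catch it.
        private static void EnsureRegistryPolicyFile(string gpoPath, string regfile)
        {
            if (!Directory.Exists(gpoPath) && !MakeSureDirectoryPathExists(gpoPath))
            {
                // Fetched immediately after the failing call (presumably native, given
                // GetLastWin32Error) so no intervening call can clobber the code.
                int lastError = Marshal.GetLastWin32Error();
                throw new MultipleGroupPolicyObjectsFoundException(String.Format(CultureInfo.InvariantCulture, "registry.pol folder could not create with error code:{0:X}, make sure your AD is in correct status.", lastError));
            }

            // CreateNew rather than Create: never truncate a registry.pol that showed
            // up after the File.Exists check. Dispose flushes and closes both objects.
            using (FileStream stream = new FileStream(regfile, FileMode.CreateNew))
            using (BinaryWriter binwriter = new BinaryWriter(stream))
            {
                binwriter.Write(RegFileSignature);
                binwriter.Write(RegFileVersion);
            }
        }

        // Turns "relative\key\path\ValueName" into an absolute key under RegKeyBase
        // plus the value name. Deliberately not Path.Combine: that API drops the base
        // when the second argument is rooted (a leading '\' would silently escape
        // RegKeyBase), uses the platform separator, and throws on characters that are
        // valid in registry names. A key without any '\' used to surface as an opaque
        // ArgumentOutOfRangeException from Substring(0, -1).
        private static void ResolvePolicyEntry(string policyEntry, out string key, out string name)
        {
            if (String.IsNullOrEmpty(policyEntry))
            {
                throw new ArgumentException("Policy entry key must not be empty.", "policyEntry");
            }
            if (policyEntry[0] == '\\')
            {
                throw new ArgumentException("Policy entry key must be relative to RegKeyBase and not start with '\\': " + policyEntry, "policyEntry");
            }

            int separator = policyEntry.LastIndexOf('\\');
            // -1: no separator; Length-1: trailing separator, i.e. empty value name.
            if (separator < 0 || separator == policyEntry.Length - 1)
            {
                throw new ArgumentException("Policy entry key must be of the form 'sub\\key\\ValueName': " + policyEntry, "policyEntry");
            }

            key = RegKeyBase.TrimEnd('\\') + "\\" + policyEntry.Substring(0, separator);
            name = policyEntry.Substring(separator + 1);
        }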