public async Task HandleDecryptedData(DecryptedData data)
{
foreach (var handler in DataHandlers)
{
await handler.Execute(data);
}
}
protected virtual ClaimsIdentity ConvertTicket(DecryptedData data)
{
var ticket = data.Ticket;
var claims = new List <Claim>();
foreach (var authData in ticket.AuthorizationData)
{
foreach (var authz in authData.Authorizations)
{
if (authz.Type == AuthorizationDataValueType.AD_WIN2K_PAC)
{
var pac = (PacElement)authz;
if (validator.ValidateAfterDecrypt.HasFlag(ValidationActions.Pac))
{
validator.Validate(pac, data.SName);
}
MergeAttributes(ticket, pac.Certificate, claims);
}
}
}
claims.Add(new Claim("Validated", validator.ValidateAfterDecrypt.ToString().Replace(", ", " ")));
return(new ClaimsIdentity(claims, "Kerberos", ClaimTypes.NameIdentifier, ClaimTypes.Role));
}
protected override ClaimsIdentity ConvertTicket(DecryptedData data)
{
if (data == null || data.Ticket == null)
{
return(null);
}
return(base.ConvertTicket(data));
}
public void Decrypt()
{
byte[] data = new byte[1024];
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
try
{
if (privatexml.Length == 0)
{
_ispriv_xml = false;
MessageBox.Show("Файл с закрытым ключем пуст...");
return;
}
else
{
rsa.FromXmlString(privatexml);
}
}
catch (Exception ex)
{
MessageBox.Show("Проблема с RSA... \n" + ex.Message.ToString());
}
try
{
data = Convert.FromBase64String(s3);
}
catch (FileNotFoundException)
{
MessageBox.Show("Data file does not exist...");
return;
}
try
{
DecryptedData = rsa.Decrypt(data, false);
}
catch (CryptographicException ex)
{
MessageBox.Show("Ошибка расшифровки... \n" + ex.Message.ToString());
return;
}
text = Encoding.UTF8.GetString(DecryptedData);
s1.Substring(0, 18);
txtChat.Text = s1 + temp2 + text + "\r\n";
for (int i = 0; i < data.Length - 1; i++)
{
data.SetValue((byte)0, i);
}
for (int i = 0; i < DecryptedData.Length - 1; i++)
{
DecryptedData.SetValue((byte)0, i);
}
}
protected virtual ClaimsIdentity ConvertTicket(DecryptedData data)
{
var ticket = data.Ticket;
var claims = new List <Claim>();
foreach (var authz in ticket.AuthorizationData.Authorizations)
{
if (authz.PrivilegedAttributeCertificate != null)
{
MergeAttributes(ticket, authz.PrivilegedAttributeCertificate, claims);
}
}
return(new ClaimsIdentity(claims, "Kerberos", ClaimTypes.NameIdentifier, ClaimTypes.Role));
}
protected virtual void Validate(DecryptedData decryptedToken)
{
decryptedToken.Validate();
var ctime = decryptedToken.Authenticator.CTime.ToFileTime();
var cusec = decryptedToken.Authenticator.CuSec;
var cname = decryptedToken.Authenticator.CName.GetHashCode();
var crealm = decryptedToken.Authenticator.Realm;
var ticketIdentifier = $"{ctime}${cusec}${cname}${crealm}";
if (!TokenCache.Add(ticketIdentifier))
{
throw new SecurityException($"Tickets can only be used once. This ticket has already been used: {ticketIdentifier}");
}
}
private object DecodeBase64Data(DecryptedData data)
{
if (data.DataType == DataType.Number)
{
var number = BitConverter.ToDouble(Convert.FromBase64String(data.Base64Data));
if (data.DataSource == DataSourceType.Battery)
{
number *= 100;
}
return(number);
}
if (data.DataType == DataType.Json)
{
return(Encoding.UTF8.GetString(Convert.FromBase64String(data.Base64Data)));
}
return(JsonConvert.DeserializeObject(Encoding.UTF8.GetString(Convert.FromBase64String(data.Base64Data))));
}
private static DecryptedData Decrypt(KrbApReq token, KeyTable keytab)
{
if (token?.Ticket?.EncPart == null)
{
return(null);
}
DecryptedData decryptor = null;
if (Decryptors.TryGetValue(token.Ticket.EncPart.EType, out Func <KrbApReq, DecryptedData> func) && func != null)
{
decryptor = func(token);
}
if (decryptor != null)
{
decryptor.Decrypt(keytab);
}
return(decryptor);
}
public DecryptedData DecryptWithBaseKey(byte[] basekey)
{
DecryptedData decryptor = null;
switch (NegotiationToken.MechToken.InnerContextToken.Ticket.EncPart.EType)
{
case EncryptionType.RC4_HMAC_NT:
case EncryptionType.RC4_HMAC_NT_EXP:
decryptor = new RC4DecryptedData(NegotiationToken.MechToken.InnerContextToken, null, basekey);
break;
case EncryptionType.AES128_CTS_HMAC_SHA1_96:
case EncryptionType.AES256_CTS_HMAC_SHA1_96:
break;
}
if (decryptor != null)
{
decryptor.Decrypt();
}
return(decryptor);
}
private bool TryDecrypt(DataContract message, out DecryptedData decryptedData, string passwordHash)
{
decryptedData = null;
var keyPaths = this.GetAllPgpKeysForUserId(message.UserId);
var directory = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
var inputFilePath = Path.Combine(directory, "message.pgp");
var outputFilePath = Path.Combine(directory, "message__decrypted");
foreach (var path in keyPaths)
{
File.WriteAllBytes(inputFilePath, Convert.FromBase64String(message.EncryptedData));
var isSuccessful = DataProtector.DecryptFile(inputFilePath, outputFilePath, path, passwordHash);
if (isSuccessful)
{
decryptedData = JsonConvert.DeserializeObject <DecryptedData>(File.ReadAllText(outputFilePath));
File.Delete(inputFilePath);
File.Delete(outputFilePath);
return(true);
}
}
if (File.Exists(inputFilePath))
{
File.Delete(inputFilePath);
}
if (File.Exists(outputFilePath))
{
File.Delete(outputFilePath);
}
return(false);
}
public bool TryDecrypt(DataContract message, out DecryptedData decryptedData)
{
decryptedData = null;
var keyPaths = this.GetAllPgpKeyPaths();
foreach (var path in keyPaths)
{
var firstFileName = Path.GetFileNameWithoutExtension(path);
var file = this.Configuration.GetSection("KeyCredentials")
.Get <PrivateKeyCredentials[]>()
.FirstOrDefault(k => k.Purpose == Path.GetFileNameWithoutExtension(firstFileName));
if (file == null)
{
continue;
}
var directory = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
var inputFilePath = Path.Combine(directory, "message.pgp");
var outputFilePath = Path.Combine(directory, "message__decrypted");
File.WriteAllBytes(inputFilePath, Convert.FromBase64String(message.EncryptedData));
var isSuccessful = DataProtector.DecryptFile(inputFilePath, outputFilePath, path, file.Password);
if (isSuccessful)
{
decryptedData = JsonConvert.DeserializeObject <DecryptedData>(File.ReadAllText(outputFilePath));
File.Delete(inputFilePath);
File.Delete(outputFilePath);
return(true);
}
}
return(false);
}
protected virtual async Task Validate(DecryptedData decryptedToken)
{
var sequence = ObscureSequence(decryptedToken.Authenticator.SequenceNumber);
var container = ObscureContainer(decryptedToken.Ticket.CRealm);
var entry = new TicketCacheEntry
{
Key = sequence,
Container = container,
Expires = decryptedToken.Ticket.EndTime
};
var replayDetected = true;
var detectReplay = ValidateAfterDecrypt.HasFlag(ValidationActions.Replay);
if (!detectReplay)
{
decryptedToken.Validate(ValidateAfterDecrypt);
replayDetected = false;
}
else if (!(await TokenCache.Contains(entry)))
{
decryptedToken.Validate(ValidateAfterDecrypt);
if (await TokenCache.Add(entry))
{
replayDetected = false;
}
}
if (replayDetected)
{
throw new ReplayException($"Replay detected in container '{entry.Container}' with key {entry.Key}.");
}
}
public Task Execute(DecryptedData data)
{
if (data.DataSource != DataSourceType.Battery)
{
return(Task.CompletedTask);
}
if (data.DataType != DataType.Number)
{
return(Task.CompletedTask);
}
var actualData = BitConverter.ToDouble(Convert.FromBase64String(data.Base64Data));
var directory = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
var inputFilePath = Path.Combine(directory, "battery_data.csv");
var delimitator = File.Exists(inputFilePath) ? ";" : "";
using (var stream = File.AppendText(inputFilePath))
{
stream.Write($"{delimitator}{(int)(actualData * 100)}");
}
return(Task.CompletedTask);
}
protected override Task Validate(DecryptedData decryptedToken)
{
Data = decryptedToken;
return(base.Validate(decryptedToken));
}
