示例#1
        /// <summary>
        /// Decrypt the message's random password and return the user named in the
        /// message when <c>Membership.ValidateUser</c> accepts the supplied credentials.
        /// </summary>
        /// <param name="message">Incoming cloud message carrying the RSA-encrypted random password and the credentials.</param>
        /// <returns>
        /// The matching user; null when the message has no values, carries no random
        /// password, or the credentials are rejected.
        /// </returns>
        public static JocysCom.WebSites.Engine.Security.Data.User GetUser(CloudMessage message)
        {
            var payload = message.Values;

            if (payload == null)
            {
                return null;
            }
            // Without the RSA-encrypted random password nothing else can be read.
            if (string.IsNullOrEmpty(payload.GetValue<string>(CloudKey.RandomPassword)))
            {
                return null;
            }
            // Recover the random password with the server ("Cloud") RSA key pair.
            var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);

            message.Values.DecryptRandomPassword(cloudRsa.RsaPublicKeyValue, cloudRsa.RsaPrivateKeyValue);
            // NOTE(review): the trailing 'true' presumably asks GetValue to decrypt the value - confirm.
            var suppliedName = payload.GetValue<string>(CloudKey.Username, null, true);
            var suppliedPassword = payload.GetValue<string>(CloudKey.Password, null, true);

            // Fail closed: a rejected password never yields a user object.
            return Membership.ValidateUser(suppliedName, suppliedPassword)
                ? JocysCom.WebSites.Engine.Security.Data.User.GetUser(suppliedName)
                : null;
        }
        /// <summary>
        /// Decrypt message and get cloud key value as GUID.
        /// </summary>
        /// <param name="cloudKey">Name of the value to read from the message.</param>
        /// <param name="input">Incoming cloud message.</param>
        /// <param name="error">
        /// Failure description, or null. It also stays null when the message carries
        /// no random password, even though the method returns null in that case.
        /// </param>
        /// <returns>The GUID stored under <paramref name="cloudKey"/>, or null when it is missing or empty.</returns>
        public static Guid? GetGuidId(string cloudKey, CloudMessage input, out string error)
        {
            error = null;
            var payload = input.Values;

            if (payload == null)
            {
                error = "Input message is null";
                return null;
            }
            if (string.IsNullOrEmpty(payload.GetValue<string>(CloudKey.RandomPassword)))
            {
                // No encrypted random password: nothing can be decrypted (error is left null).
                return null;
            }
            // Recover the random password with the server ("Cloud") RSA key pair.
            var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);

            input.Values.DecryptRandomPassword(cloudRsa.RsaPublicKeyValue, cloudRsa.RsaPrivateKeyValue);
            // Guid.Empty is the default, so an absent value and an empty GUID look the same here.
            var id = input.Values.GetValue(cloudKey, Guid.Empty, true);

            if (id != Guid.Empty)
            {
                return id;
            }
            error = string.Format("{0} value is empty", cloudKey);
            return null;
        }
示例#3
        /// <summary>
        /// Add the server ("Cloud") RSA public key to the reply, creating and saving a
        /// 2048-bit key pair first when no public key is stored yet.
        /// </summary>
        /// <param name="results">Reply message whose Values list receives the public key.</param>
        private void AddRsaPublicKey(CloudMessage results)
        {
            var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);
            var keyMissing = string.IsNullOrEmpty(cloudRsa.RsaPublicKeyValue);

            if (keyMissing)
            {
                // First use: generate and persist the key pair.
                cloudRsa.RsaNewKeysSave(2048);
            }
            // Only the public half is ever placed in the reply.
            results.Values.Add(CloudKey.RsaPublicKey, cloudRsa.RsaPublicKeyValue);
        }
示例#4
        /// <summary>
        /// Return the "Cloud" RSA public key, creating and saving a 2048-bit key pair
        /// first when no public key is stored yet.
        /// </summary>
        /// <returns>The RSA public key value.</returns>
        public string GetPublicRsaKey()
        {
            var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption("Cloud");
            var keyMissing = string.IsNullOrEmpty(cloudRsa.RsaPublicKeyValue);

            if (keyMissing)
            {
                // First use: generate and persist the key pair.
                cloudRsa.RsaNewKeysSave(2048);
            }
            // Only the public half leaves this method.
            return cloudRsa.RsaPublicKeyValue;
        }
示例#5
        /// <summary>
        /// RSA-decrypt the random password stored in this list under
        /// <c>CloudKey.RandomPassword</c> and keep the result in <c>_RandomPassword</c>.
        /// </summary>
        /// <param name="localRsaPublicKey">Public half of the local RSA key pair.</param>
        /// <param name="localRsaPrivateKey">Private half of the local RSA key pair.</param>
        public void DecryptRandomPassword(string localRsaPublicKey, string localRsaPrivateKey)
        {
            // Load the local key pair into a fresh encryption helper.
            var localRsa = new JocysCom.ClassLibrary.Security.Encryption
            {
                RsaPublicKeyValue = localRsaPublicKey,
                RsaPrivateKeyValue = localRsaPrivateKey
            };

            // The sender encrypted the random password with the local public key.
            _RandomPassword = localRsa.RsaDecrypt(GetValue<string>(CloudKey.RandomPassword));
        }
示例#6
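        /// <summary>
        /// Generate a fresh random password for this message, keep it in
        /// <c>_RandomPassword</c>, and add it to the list RSA-encrypted with the
        /// remote party's public key.
        /// </summary>
        /// <param name="remoteRsaPublicKey">RSA public key of the party that must be able to decrypt the password.</param>
        public void AddRandomPassword(string remoteRsaPublicKey)
        {
            // Prepare to encrypt data.
            var rsa = new JocysCom.ClassLibrary.Security.Encryption();

            rsa.RsaPublicKeyValue = remoteRsaPublicKey;
            // Generate the random password from the OS cryptographic RNG. A GUID is
            // an identifier, not key material: its unpredictability is not guaranteed.
            // The result keeps the previous shape (32 lower-case hex characters).
            var secret = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(secret);
            }
            _RandomPassword = BitConverter.ToString(secret).Replace("-", "").ToLowerInvariant();
            // Encrypt and add random password with RSA...
            var randomPasswordEncrypted = rsa.RsaEncrypt(_RandomPassword);

            // Calling this twice adds a second entry; nothing here removes an earlier one.
            Add(CloudKey.RandomPassword, randomPasswordEncrypted);
        }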
示例#7
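        /// <summary>
        /// Submit queued items of type <typeparamref name="T"/> for the given action to
        /// the cloud and remove the submitted entries from the queue on success.
        /// </summary>
        /// <param name="action">Queue action whose items are sent.</param>
        /// <returns>
        /// null when the call succeeded or nothing was queued; otherwise the exception
        /// describing the failure (returned, not thrown). On failure the queue timer
        /// interval is set to five minutes.
        /// </returns>
        Exception Execute<T>(CloudAction action)
        {
            var ws = new WebServiceClient();

            ws.Url = SettingsManager.Options.InternetDatabaseUrl;
            CloudResults result = null;

            try
            {
                // Snapshot the matching entries. The original kept a deferred query and
                // removed from 'data' while enumerating it, which throws on standard
                // collections; a snapshot also limits removal to entries matched before the send.
                var citems = data.Where(x => x.Action == action).ToList();
                var items = citems.Select(x => x.Item).OfType<T>().ToList();
                if (items.Count > 0)
                {
                    var command = new CloudCommand();
                    command.Action = action;
                    if (typeof(T) == typeof(UserGame))
                    {
                        command.UserGames = items as List<UserGame>;
                    }
                    else if (typeof(T) == typeof(UserController))
                    {
                        command.UserControllers = items as List<UserController>;
                    }
                    // Add secure credentials.
                    // NOTE(review): this branch runs only when the public key is EMPTY and
                    // encrypts the literal strings "username"/"password" - it looks like an
                    // inverted condition around placeholder credentials. Confirm the intent
                    // before relying on this call being authenticated.
                    var rsa = new JocysCom.ClassLibrary.Security.Encryption("Cloud");
                    if (string.IsNullOrEmpty(rsa.RsaPublicKeyValue))
                    {
                        var username = rsa.RsaEncrypt("username");
                        var password = rsa.RsaEncrypt("password");
                        ws.SetCredentials(username, password);
                    }
                    result = ws.Execute(command);
                    if (result.ErrorCode > 0)
                    {
                        // Back off for 5 minutes and keep the entries queued.
                        queueTimer.SleepTimer.Interval = 5 * 60 * 1000;
                        return new Exception(result.ErrorMessage);
                    }
                    // Success: drop exactly the entries captured in the snapshot.
                    foreach (var item in citems)
                    {
                        data.Remove(item);
                    }
                }
            }
            catch (Exception ex)
            {
                // Sleep for 5 minutes;
                queueTimer.SleepTimer.Interval = 5 * 60 * 1000;
                return ex;
            }
            return null;
        }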
示例#8
 /// <summary>
 /// Create a 2048-bit user RSA key pair when no user public key is stored.
 /// </summary>
 /// <returns>true when new keys were generated and assigned; false when a public key already existed.</returns>
 public bool CheckAndFixUserRsaKeys()
 {
     // Only the public key is inspected; a missing private key next to an
     // existing public key is not detected here.
     if (!string.IsNullOrEmpty(UserRsaPublicKey))
     {
         return false;
     }
     // These keys are used to send encrypted credentials.
     var generator = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.User);
     var pair = generator.RsaNewKeys(2048);
     UserRsaPublicKey = pair.Public;
     UserRsaPrivateKey = pair.Private;
     return true;
 }
示例#9
		/// <summary>
		/// Handle the login button: make sure the user and cloud RSA keys exist,
		/// then send an encrypted LogIn message to the web service.
		/// </summary>
		private void LoginButton_Click(object sender, EventArgs e)
		{
			// Secure login over insecure webservices.
			// Any other button caption: nothing is done.
			if (LoginButton.Text != "Log In")
			{
				return;
			}
			var options = SettingsManager.Options;
			var optionsChanged = false;
			// If user RSA keys are missing then...
			if (string.IsNullOrEmpty(options.UserRsaPublicKey))
			{
				// Create new RSA keys which will be used to send encrypted credentials.
				var userRsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.User);
				var pair = userRsa.RsaNewKeys(2048);
				options.UserRsaPublicKey = pair.Public;
				options.UserRsaPrivateKey = pair.Private;
				optionsChanged = true;
			}
			var client = new WebServiceClient();
			client.Url = MainForm.Current.OptionsPanel.InternetDatabaseUrlComboBox.Text;
			CloudMessage reply;
			// If cloud RSA keys are missing then...
			if (string.IsNullOrEmpty(options.CloudRsaPublicKey))
			{
				// Step 1: Get Server's Public RSA key for encryption.
				// NOTE(review): the key arrives over the same web-service channel and is
				// stored on first use; nothing visible here authenticates it. If the
				// transport is not TLS-protected, whoever can alter this reply can supply
				// its own key - consider pinning or verifying the key out of band.
				var keyRequest = CloudHelper.NewMessage(CloudAction.GetPublicRsaKey);
				keyRequest.Values.Add(CloudKey.RsaPublicKey, options.UserRsaPublicKey);
				// Retrieve public RSA key.
				reply = client.Execute(keyRequest);
				if (reply.ErrorCode == 0)
				{
					options.CloudRsaPublicKey = reply.Values.GetValue<string>(CloudKey.RsaPublicKey);
					optionsChanged = true;
				}
				// On error the cloud key stays empty and the login below is still attempted.
			}
			if (optionsChanged)
			{
				SettingsManager.OptionsData.Save();
			}
			// Step 2: send the credentials in a LogIn message built with both public keys.
			var loginRequest = CloudHelper.NewMessage(CloudAction.LogIn, options.UserRsaPublicKey, options.CloudRsaPublicKey, UsernameTextBox.Text, PasswordTextBox.Text);
			loginRequest.Values.Add(CloudKey.HashedDiskId, options.HashedDiskId);
			// The reply is not inspected here: success or failure is not surfaced to the user.
			reply = client.Execute(loginRequest);
		}
示例#10
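        /// <summary>
        /// Make sure this message has a random password, then (re)store it in the list
        /// RSA-encrypted with the remote party's public key, replacing any earlier entry.
        /// </summary>
        /// <param name="remoteRsaPublicKey">RSA public key of the party that must be able to decrypt the password.</param>
        public void UpsertRandomPassword(string remoteRsaPublicKey)
        {
            // Generate random password if not exist for the message.
            if (_RandomPassword == null)
            {
                // Use the OS cryptographic RNG. A GUID is an identifier, not key
                // material: its unpredictability is not guaranteed. The result keeps
                // the previous shape (32 lower-case hex characters).
                var secret = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(secret);
                }
                _RandomPassword = BitConverter.ToString(secret).Replace("-", "").ToLowerInvariant();
            }
            // Prepare to encrypt data.
            var rsa = new JocysCom.ClassLibrary.Security.Encryption();

            rsa.RsaPublicKeyValue = remoteRsaPublicKey;
            // Encrypt random password with RSA public key...
            var randomPasswordEncrypted = rsa.RsaEncrypt(_RandomPassword);

            // Remove old random password if exist.
            RemoveAll(x => Equals(x.Key, CloudKey.RandomPassword));
            // Add new random password to the list.
            Add(CloudKey.RandomPassword, randomPasswordEncrypted);
        }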
示例#11
        /// <summary>
        /// Submit queued items of type <typeparamref name="T"/> for the given action to
        /// the cloud and show the outcome in the main form header.
        /// </summary>
        /// <param name="action">Queue action whose items are sent.</param>
        void Execute<T>(CloudAction action)
        {
            // The loading indicator is switched on here; nothing in this method switches it off.
            MainForm.Current.LoadingCircle = true;
            var client = new WebServiceClient();

            client.Url = MainForm.Current.OptionsPanel.InternetDatabaseUrlComboBox.Text;

            try
            {
                var pending = data.Where(x => x.Action == action).Select(x => x.Item).OfType<T>().ToList();
                if (pending.Count == 0)
                {
                    // Nothing queued for this action and type.
                    return;
                }
                var command = new CloudCommand { Action = action };
                if (typeof(T) == typeof(Game))
                {
                    command.Games = pending as List<Game>;
                }
                else if (typeof(T) == typeof(UserController))
                {
                    command.UserControllers = pending as List<UserController>;
                }
                // Add secure credentials.
                // NOTE(review): this branch runs only when the public key is EMPTY and
                // encrypts the literal strings "username"/"password" - it looks like an
                // inverted condition around placeholder credentials. Confirm the intent.
                var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption("Cloud");
                if (string.IsNullOrEmpty(cloudRsa.RsaPublicKeyValue))
                {
                    var username = cloudRsa.RsaEncrypt("username");
                    var password = cloudRsa.RsaEncrypt("password");
                    client.SetCredentials(username, password);
                }
                CloudResults response = client.Execute(command);
                MainForm.Current.SetHeaderBody(response.ErrorCode == 0 ? MessageBoxIcon.Information : MessageBoxIcon.Error, response.ErrorMessage);
            }
            catch (Exception ex)
            {
                // Show the exception text, followed by the inner exception's text when there is one.
                var details = ex.InnerException != null
                    ? ex.Message + "\r\n" + ex.InnerException.Message
                    : ex.Message;
                MainForm.Current.SetHeaderBody(MessageBoxIcon.Error, details);
            }
        }
示例#12
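        /// <summary>
        /// Decrypt message and get user if supplied user name and password are valid.
        /// </summary>
        /// <param name="input">Incoming cloud message carrying the RSA-encrypted random password and the credentials.</param>
        /// <param name="error">
        /// Failure description, or null. It also stays null when the message carries
        /// no random password, even though the method returns null in that case.
        /// </param>
        /// <returns>
        /// The matching user; null when the message is incomplete or the credentials
        /// are rejected by <c>Membership.ValidateUser</c>.
        /// </returns>
        public static JocysCom.WebSites.Engine.Security.Data.User GetUser(CloudMessage input, out string error)
        {
            var values = input.Values;

            error = null;
            if (values == null)
            {
                error = "Input message is null";
                return null;
            }
            var randomPasswordEncrypted = values.GetValue<string>(CloudKey.RandomPassword);

            if (string.IsNullOrEmpty(randomPasswordEncrypted))
            {
                return null;
            }
            // Decrypt random password supplied by the user.
            var rsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);

            input.Values.DecryptRandomPassword(rsa.RsaPublicKeyValue, rsa.RsaPrivateKeyValue);
            // Try to get user by user name.
            var username = values.GetValue<string>(CloudKey.Username, null, true);
            var password = values.GetValue<string>(CloudKey.Password, null, true);

            if (string.IsNullOrEmpty(username))
            {
                error = "User name is empty";
                return null;
            }
            if (string.IsNullOrEmpty(password))
            {
                error = "Password is empty";
                return null;
            }
            if (!Membership.ValidateUser(username, password))
            {
                error = "Invalid user credentials";
                // Fail closed. The original only set the error and still returned the
                // user, so callers that test the result for null accepted a wrong password.
                return null;
            }
            // Credentials are valid: return user.
            return JocysCom.WebSites.Engine.Security.Data.User.GetUser(username);
        }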
示例#13
        /// <summary>
        /// Web-service entry point: run the action named in the command and return a
        /// reply message. GetPublicRsaKey is served without credentials; LogIn, Delete,
        /// Insert and Update require <c>CloudHelper.GetUser</c> to return a user.
        /// </summary>
        /// <param name="command">Incoming command message.</param>
        /// <returns>
        /// Reply with ErrorCode 0 on success, 2 when the caller is not authorised and
        /// 1 when an exception was caught (ErrorMessage then holds the exception text).
        /// </returns>
        //[System.Web.Services.Protocols.SoapHeader("Authentication")]
        public CloudMessage Execute(CloudMessage command)
        {
            var reply = new CloudMessage();
            var notes = new List<string>();

            try
            {
                var action = command.Action;
                if (action == CloudAction.GetPublicRsaKey)
                {
                    // Unauthenticated: hand out the server public key, creating the pair on first use.
                    var cloudRsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);
                    if (string.IsNullOrEmpty(cloudRsa.RsaPublicKeyValue))
                    {
                        cloudRsa.RsaNewKeysSave(2048);
                    }
                    reply.Values = new KeyValueList();
                    reply.Values.Add(CloudKey.RsaPublicKey, cloudRsa.RsaPublicKeyValue);
                }
                else if (action == CloudAction.LogIn
                    || action == CloudAction.Delete
                    || action == CloudAction.Insert
                    || action == CloudAction.Update)
                {
                    // Action requires valid user.
                    var caller = CloudHelper.GetUser(command);
                    if (caller == null)
                    {
                        notes.Add("Not authorised");
                        reply.ErrorCode = 2;
                    }
                    else if (action == CloudAction.Delete)
                    {
                        notes.Add(Delete(command.UserControllers));
                        notes.Add(Delete(command.UserGames));
                    }
                    else if (action != CloudAction.LogIn)
                    {
                        // Insert and Update share the upsert path.
                        notes.Add(Upsert(command.UserControllers));
                        notes.Add(Upsert(command.UserGames));
                    }
                }
                // Any other action: nothing to do, the reply stays empty.
                reply.ErrorMessage = string.Join("\r\n", notes.Where(x => !string.IsNullOrEmpty(x)));
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text goes back to the remote caller;
                // consider logging it server-side and returning a generic message.
                reply.ErrorCode = 1;
                reply.ErrorMessage = ex.Message;
            }
            return reply;
        }
示例#14
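        /// <summary>
        /// Web-service entry point: run the action named in the command and return a
        /// reply message. LogIn requires valid credentials; Insert, Update, Select and
        /// Delete are gated by <c>command.FixComputerId</c> only; GetPublicRsaKey and
        /// CheckUpdates are served without any check.
        /// </summary>
        /// <param name="command">Incoming command message.</param>
        /// <returns>
        /// Reply with ErrorCode 0 on success, 2 when the request was refused and 1 when
        /// an exception was caught (ErrorMessage then holds "Server: " plus its text).
        /// </returns>
        //[System.Web.Services.Protocols.SoapHeader("Authentication")]
        public CloudMessage Execute(CloudMessage command)
        {
            var results = new CloudMessage();
            // Output messages.
            var messages = new List<string>();

            try
            {
                JocysCom.WebSites.Engine.Security.Data.User user;
                string error;
                bool fixSuccess;
                switch (command.Action)
                {
                case CloudAction.LogIn:
                    // Action requires valid user.
                    user = CloudHelper.GetUser(command, out error);
                    // Treat a reported error as a failed login as well: GetUser signals
                    // rejected credentials through 'error', so a non-null user alone is
                    // not proof that the password was accepted.
                    if (user == null || !string.IsNullOrEmpty(error))
                    {
                        messages.Add("Not authorized");
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.GetPublicRsaKey:
                    // Unauthenticated: hand out the server public key, creating the pair on first use.
                    var rsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);
                    if (string.IsNullOrEmpty(rsa.RsaPublicKeyValue))
                    {
                        rsa.RsaNewKeysSave(2048);
                    }
                    results.Values = new KeyValueList();
                    results.Values.Add(CloudKey.RsaPublicKey, rsa.RsaPublicKeyValue);
                    break;

                case CloudAction.Insert:
                case CloudAction.Update:
                    // Insert or update user records.
                    // NOTE(review): no user check here - access depends entirely on
                    // FixComputerId; presumably it takes the id from the encrypted
                    // payload. Confirm that a caller cannot name another computer's id.
                    fixSuccess = command.FixComputerId(out error);
                    if (fixSuccess)
                    {
                        DatabaseHelper.Upsert(command, messages);
                    }
                    else
                    {
                        messages.Add(error);
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.Select:
                    // Select user records.
                    fixSuccess = command.FixComputerId(out error);
                    if (fixSuccess)
                    {
                        // The error reported by Select is not examined here.
                        DatabaseHelper.Select(command, results, messages, out error);
                    }
                    else
                    {
                        messages.Add(error);
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.Delete:
                    // Delete user records.
                    fixSuccess = command.FixComputerId(out error);
                    if (fixSuccess)
                    {
                        DatabaseHelper.Delete(command, messages);
                    }
                    else
                    {
                        messages.Add(error);
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.CheckUpdates:
                    var clientVersion = command.Values.GetValue<string>(CloudKey.ClientVersion);
                    // The GetPublicRsaKey case creates the list before adding to it, so a
                    // new CloudMessage may start without one; create it here when missing.
                    if (results.Values == null)
                    {
                        results.Values = new KeyValueList();
                    }
                    // The "server version" is the client's own version echoed back.
                    results.Values.Add(CloudKey.ServerVersion, clientVersion);
                    //results.Values.Add(CloudKey.UpdateUrl, "https://github.com/x360ce/x360ce/blob/master/x360ce.Web/Files/x360ce.zip?raw=true");
                    results.Values.Add(CloudKey.UpdateUrl, JocysCom.ClassLibrary.Security.TokenHelper.GetApplicationUrl() + "/Files/x360ce_beta.zip");
                    break;

                default:
                    break;
                }
                results.ErrorMessage = string.Join("\r\n", messages.Where(x => !string.IsNullOrEmpty(x)));
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text goes back to the remote caller;
                // consider logging it server-side and returning a generic message.
                results.ErrorCode = 1;
                results.ErrorMessage = "Server: " + ex.Message;
            }
            return results;
        }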
示例#15
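        /// <summary>
        /// Web-service entry point: run the action named in the command and return a
        /// reply message. LogIn requires valid credentials; Delete, Insert and Update
        /// are gated by the computer id from <c>CloudHelper.GetComputerId</c> only;
        /// GetPublicRsaKey is served without any check.
        /// </summary>
        /// <param name="command">Incoming command message.</param>
        /// <returns>
        /// Reply with ErrorCode 0 on success, 2 when the request was refused and 1 when
        /// an exception was caught (ErrorMessage then holds "Server: " plus its text).
        /// </returns>
        //[System.Web.Services.Protocols.SoapHeader("Authentication")]
        public CloudMessage Execute(CloudMessage command)
        {
            var results = new CloudMessage();
            var messages = new List<string>();

            try
            {
                JocysCom.WebSites.Engine.Security.Data.User user;
                string error;
                Guid? computerId;
                switch (command.Action)
                {
                case CloudAction.LogIn:
                    // Action requires valid user.
                    user = CloudHelper.GetUser(command, out error);
                    // Treat a reported error as a failed login as well: GetUser signals
                    // rejected credentials through 'error', so a non-null user alone is
                    // not proof that the password was accepted.
                    if (user == null || !string.IsNullOrEmpty(error))
                    {
                        messages.Add("Not authorised");
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.GetPublicRsaKey:
                    // Unauthenticated: hand out the server public key, creating the pair on first use.
                    var rsa = new JocysCom.ClassLibrary.Security.Encryption(CloudKey.Cloud);
                    if (string.IsNullOrEmpty(rsa.RsaPublicKeyValue))
                    {
                        rsa.RsaNewKeysSave(2048);
                    }
                    results.Values = new KeyValueList();
                    results.Values.Add(CloudKey.RsaPublicKey, rsa.RsaPublicKeyValue);
                    break;

                case CloudAction.Delete:
                    // Action requires a computer id (no user check is made here).
                    computerId = CloudHelper.GetComputerId(command, out error);
                    if (computerId.HasValue)
                    {
                        // Overwrite whatever ids the caller put on the records with the
                        // id taken from the message itself.
                        foreach (var item in command.UserGames)
                        {
                            item.ComputerId = computerId.Value;
                        }
                        foreach (var item in command.UserDevices)
                        {
                            item.ComputerId = computerId.Value;
                        }
                        messages.Add(Delete(command.UserDevices));
                        messages.Add(Delete(command.UserGames));
                    }
                    else
                    {
                        messages.Add(error);
                        results.ErrorCode = 2;
                    }
                    break;

                case CloudAction.Insert:
                case CloudAction.Update:
                    computerId = CloudHelper.GetComputerId(command, out error);
                    if (computerId.HasValue)
                    {
                        // Fix computer id
                        foreach (var item in command.UserGames)
                        {
                            item.ComputerId = computerId.Value;
                        }
                        foreach (var item in command.UserDevices)
                        {
                            item.ComputerId = computerId.Value;
                        }
                        // Games can be inserted by using computer id only.
                        messages.Add(Upsert(command.UserGames));
                        messages.Add(Upsert(command.UserDevices));
                    }
                    else
                    {
                        messages.Add(error);
                        results.ErrorCode = 2;
                    }
                    break;

                default:
                    break;
                }
                results.ErrorMessage = string.Join("\r\n", messages.Where(x => !string.IsNullOrEmpty(x)));
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text goes back to the remote caller;
                // consider logging it server-side and returning a generic message.
                results.ErrorCode = 1;
                results.ErrorMessage = "Server: " + ex.Message;
            }
            return results;
        }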