/// <summary>
/// Resolve a certificate from the source named in <paramref name="arguments"/>:
/// the certificate store when a store subject is set, otherwise a file when a
/// file path is set. The store subject takes precedence when both are present.
/// </summary>
/// <param name="arguments">
/// Certificate source description. It is consulted only if its <c>Validate()</c>
/// call returns true.
/// </param>
/// <returns>The certificate that was found; never null.</returns>
/// <exception cref="Exception">
/// Thrown when validation fails, when neither source is configured, or when the
/// selected lookup returns null. Every exception raised here is traced through
/// <c>Tracing.ErrorSecurity</c> and then rethrown unchanged.
/// </exception>
public static X509Certificate2 LoadCertificate(CertificateArguments arguments)
{
    try
    {
        X509Certificate2 certificate = null;

        if (arguments.Validate())
        {
            bool hasStoreSubject = !String.IsNullOrEmpty(arguments.CertificateStoreSubject);
            if (hasStoreSubject)
            {
                certificate = FindCertificateInX509Store(arguments);
            }
            else if (!String.IsNullOrEmpty(arguments.CertificateFilePath))
            {
                certificate = FindCertificateInFilePath(arguments);
            }
        }

        if (certificate != null)
        {
            return certificate;
        }

        // NOTE(review): this message embeds arguments.ToString() and ends up in the
        // security trace below - confirm that ToString() does not render
        // CertificatePassword.
        throw new Exception(String.Format("Failed to load certificate with arguments {0} ", arguments.ToString()));
    }
    catch (Exception ex)
    {
        // Trace for diagnostics, then let the caller see the original exception.
        Tracing.ErrorSecurity("Failed to load certificate. {0}", ex.ToString());
        throw;
    }
}
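/// <summary>
/// Load an X509Certificate2 from the file at <c>arguments.CertificateFilePath</c>,
/// opened with <c>arguments.CertificatePassword</c>.
/// </summary>
/// <param name="arguments">Supplies the certificate file path and its password.</param>
/// <returns>
/// The loaded certificate, or null when loading threw. The failure is traced
/// through <c>Tracing.ErrorSecurity</c> and deliberately not rethrown, so the
/// caller must check for null.
/// </returns>
private static X509Certificate2 FindCertificateInFilePath(CertificateArguments arguments)
{
    try
    {
        // NOTE(review): X509KeyStorageFlags.Exportable lets the imported private key
        // be exported again later. Kept because callers may rely on it; if nothing
        // exports the key, a more restrictive flag would reduce exposure.
        return new X509Certificate2(
            arguments.CertificateFilePath,
            arguments.CertificatePassword,
            X509KeyStorageFlags.Exportable);
    }
    catch (Exception ex)
    {
        // Hand the exception text over as a format ARGUMENT, the same way
        // LoadCertificate does. Pre-formatting it and passing the result as the
        // format string would let braces in the exception text (for example from a
        // file path) be read as placeholders if the tracer formats its first
        // argument.
        Tracing.ErrorSecurity("Failed to obtain certificate. {0}", ex.ToString());
        return null;
    }
}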
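/// <summary>
/// Scan a buffer with the Windows Antimalware Scan Interface (AMSI).
/// This is available only on Windows 10 / Windows Server 2016 and up.
/// It does not scan and returns a "no malware found" indication on earlier systems.
/// </summary>
/// <param name="ConsumerAppName">Application name passed to AmsiInitialize and used in trace messages.</param>
/// <param name="input">Content to scan.</param>
/// <param name="contentName">Name of the content, passed to AmsiScanBuffer and used in trace messages.</param>
/// <returns>
/// True when AMSI reports a result at or above AMSI_RESULT_DETECTED, or when the
/// AMSI library is missing and the first 255 bytes of <paramref name="input"/>
/// contain the EICAR test string. False otherwise - including when the scan could
/// not be performed, so false means "not detected", not "verified clean".
/// </returns>
public static bool IsMalware(string ConsumerAppName, byte[] input, string contentName)
{
    var result = AMSI_RESULT.AMSI_RESULT_NOT_DETECTED;
    try
    {
        IntPtr amsiContext;
        string failedCall = null;

        // Each AMSI call returns an HRESULT; a negative value means failure. Stop at
        // the first failing call instead of passing an invalid context or session on.
        int returnValue = AmsiInitialize(ConsumerAppName, out amsiContext);
        if (returnValue < 0)
        {
            failedCall = "AmsiInitialize";
        }
        else
        {
            try
            {
                IntPtr session;
                returnValue = AmsiOpenSession(amsiContext, out session);
                if (returnValue < 0)
                {
                    failedCall = "AmsiOpenSession";
                }
                else
                {
                    try
                    {
                        returnValue = AmsiScanBuffer(amsiContext, input, (ulong)input.LongLength, contentName, session, out result);
                        if (returnValue < 0)
                        {
                            failedCall = "AmsiScanBuffer";
                        }
                    }
                    finally
                    {
                        // Runs even when the scan throws (e.g. input is null), so the
                        // session is not leaked.
                        AmsiCloseSession(amsiContext, session);
                    }
                }
            }
            finally
            {
                AmsiUninitialize(amsiContext);
            }
        }

        if (failedCall != null)
        {
            // NOTE(review): a failed scan is still reported as "not detected", as
            // before, so callers cannot tell "clean" from "not scanned". It is now at
            // least visible in the security trace; decide whether callers that gate
            // uploads on this result should fail closed instead.
            result = AMSI_RESULT.AMSI_RESULT_NOT_DETECTED;
            Tracing.ErrorSecurity("{0}: scanning \"{1}\" for malware: {2} failed with HRESULT 0x{3}", ConsumerAppName, contentName, failedCall, returnValue.ToString("X8"));
        }
    }
    catch (DllNotFoundException dex)
    {
        Tracing.ErrorCore("AMSI malware detection: {0}", dex.ToString());
        /* for PEN test, when we do not have a real AMSI detector,
         * then we just detect the eicar file by hand
         * KEEP THIS SEPARATED so TFS and local developer computers don't choke on this very file!! */
        // This is a test aid, not a scanner: without AMSI nothing but the test string
        // is recognised, and only the first 255 bytes are inspected.
        if (input != null && input.Length > 0)
        {
            var head = System.Text.Encoding.ASCII.GetString(input, 0, Math.Min(input.Length, 255));
            if (head.Contains(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EI" + @"CAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))
            {
                return(true);
            }
        }
    }
    catch (Exception ex)
    {
        /* [dlatikay 20190316] MEA-2019-00154 for diagnostics */
        Tracing.ErrorSecurity("{0}: scanning \"{1}\" for malware: {2}", ConsumerAppName, contentName, ex.ToString());
    }

    // AMSI_RESULT is an ordered scale, not a bit field: the native AmsiResultIsMalware
    // macro treats every value >= AMSI_RESULT_DETECTED as malware. HasFlag only tested
    // a single bit. Assumes the managed AMSI_RESULT enum mirrors the native values -
    // confirm against its declaration.
    return(result >= AMSI_RESULT.AMSI_RESULT_DETECTED);
}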