/// <summary> /// encrypt the stream asymmetrically using the encryption information /// of specific security profile in the configuration file /// </summary> /// <param name="data">stream data</param> /// <param name="profile">security profile name</param> /// <param name="key">output parameter for generated secret key</param> /// <param name="iv">output parameter for generated iv</param> /// <param name="signature">out parameters for the digital signature</param> /// <returns>stream data</returns> public static Stream Encrypt(Stream data, string profile, out byte[] key, out byte[] iv, out byte[] signature) { SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); CryptographyConfiguration cc = cm.CryptographyConfig; //retrieve the security profile information from the configuration file XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile); bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value); ICryptoTransform encryptor = null; RSACryptoServiceProvider provider = null; if (symmetric != false) { throw new System.Exception("This method id not intended for symmetric encryption"); } provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile); //retireve the sneder and receiver's certification information for encryption string senderCert = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText; string sendCertStore = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value; string receiverCert = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText; string receiverCertStore = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value; string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText; //obtain the X509 certificate object for the sender and receiver X509Certificate senderCertificate = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert); X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert); //receive the sender's private key and receiver's public key for encryption RSAParameters sender_privateKey = senderCertificate.Key.ExportParameters(true); RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false); SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm); encryptor = symmProvider.CreateEncryptor(); CryptoStream encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read); MemoryStream encrypted = new MemoryStream(); byte[] buffer = new byte[1024]; int count = 0; while ((count = encStream.Read(buffer, 0, 1024)) > 0) { encrypted.Write(buffer, 0, count); } //encrypt the screte key, iv key using receiver's public key //that are used to decrypt the data provider.ImportParameters(receiver_publicKey); key = provider.Encrypt(symmProvider.Key, false); iv = provider.Encrypt(symmProvider.IV, false); //sign the data with sender's private key provider.ImportParameters(sender_privateKey); signature = provider.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider()); encrypted.Position = 0; return((Stream)encrypted); }
/// <summary> /// constructor takes the SAFIdentity as its parameter. /// </summary> /// <param name="sid">SAFIdentity object which contain the identity and appplication name information</param> public SAFPrincipal(SAFIdentity sid) { //retrieve the authentication configuraiton from the configuraiton file SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); AuthenticationConfiguration ac = cm.AuthenticationConfig; //set identity object and the SAFUser property identity = sid; safUser = ac.GetSAFUserName(sid.Name, sid.ApplicationName); //set the application inforamtion of the SAFPrincipal SetApplication(sid.ApplicationName); }
/// <summary> /// SetApplication will change the application context of principal object /// so that principal object represents the user membership information of /// a given application /// </summary> /// <param name="application">name of the application for which SAFPrincipal will switch the its membership information.</param> public void SetApplication(string application) { SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); AuthenticationConfiguration ac = cm.AuthenticationConfig; //retrieve the type informatioin for the principal object of a given applicaiton string typeName = ac.GetPrincipalTypeForApplication(application); string appUserName = cm.AuthenticationConfig.GetIdentityForApplicaiton(safUser, application); SAFIdentity safIdentity = new SAFIdentity(appUserName, application); Type type = Type.GetType(typeName); object[] parameters = new object[1] { safIdentity }; //set the new object to the internal principal object. currentApplicationPrincipal = (IPrincipal)Activator.CreateInstance(type, parameters); identity = (IIdentity)safIdentity; }
/// <summary> /// Demand method is called at runtime when a caller is trying to access /// resource that is marked with SAFSecurityAttribute. /// </summary> public void Demand() { //obtain the information about the denied and allowed roles //information from configuraiton file SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); AuthorizationConfiguration ac = cm.AuthorizationConfig; string[] allowedRoles = ac.AllowedRoles(Name); string[] deniedRoles = ac.DeniedRoles(Name); //create the IAuthorizationProvider object which is responsible //for verify if the call is permitted or denied based on the //allowed role and denied role information. IAuthorizationProvider ap = (IAuthorizationProvider)ac.GetAuthorizationProvider(Name); ap.Authorize(allowedRoles, deniedRoles); }
/// <summary> /// encrypt the stream symmetrically using the security profile /// information stored in the configuration file /// </summary> /// <param name="data">stream data</param> /// <param name="profile">profile name</param> /// <returns>stream data</returns> public static Stream Encrypt(Stream data, string profile) { SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); CryptographyConfiguration cc = cm.CryptographyConfig; //retrieve security profile information XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile); bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value); ICryptoTransform encryptor = null; SymmetricAlgorithm provider = null; if (symmetric != true) { throw new System.Exception("This method id not intended for asymmetric encryption"); } //retrive the secret key and iv information provider = cc.GetSymmetricAlgorithmProvider(profile); string key = cryptoInfo.SelectSingleNode("SecretKey").InnerText; string iv = cryptoInfo.SelectSingleNode("IV").InnerText; provider.Key = Encoding.Default.GetBytes(key); provider.IV = Encoding.Default.GetBytes(iv); encryptor = provider.CreateEncryptor(); MemoryStream encrypted = new MemoryStream(); //encrypt the stream symmetrically CryptoStream encStream = new CryptoStream(encrypted, encryptor, CryptoStreamMode.Write); byte[] buffer = new byte[1024]; int count = 0; while ((count = data.Read(buffer, 0, 1024)) > 0) { encStream.Write(buffer, 0, count); } encStream.FlushFinalBlock(); encrypted.Position = 0; return((Stream)encrypted); }
/// <summary> /// decrypt the stream data symmetrically using the security profile /// information stored in the configuration file /// </summary> /// <param name="data">stream data</param> /// <param name="profile">security profile name</param> /// <returns>decrypted stream</returns> public static Stream Decrypt(Stream data, string profile) { SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); CryptographyConfiguration cc = cm.CryptographyConfig; //retrieve the security profile information for configuration file XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile); bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value); ICryptoTransform decryptor = null; SymmetricAlgorithm provider = null; if (symmetric != true) { throw new System.Exception("This method id not intended for asymmetric encryption"); } //retrieve the secret key and iv from the configuration file provider = cc.GetSymmetricAlgorithmProvider(profile); string key = cryptoInfo.SelectSingleNode("SecretKey").InnerText; string iv = cryptoInfo.SelectSingleNode("IV").InnerText; provider.Key = Encoding.Default.GetBytes(key); provider.IV = Encoding.Default.GetBytes(iv); decryptor = provider.CreateDecryptor(); //decrypt the stream CryptoStream decStream = new CryptoStream(data, decryptor, CryptoStreamMode.Read); MemoryStream decrypted = new MemoryStream(); byte[] buffer = new byte[2048]; int count = 0; while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0) { decrypted.Write(buffer, 0, count); } decrypted.Position = 0; return((Stream)decrypted); }
/// <summary> /// Called by the client to get an instance of the factory class /// </summary> /// <param name="factoryName">factory name</param> /// <returns>class factory object</returns> public static object GetFactory(string factoryName) { object factory = null; SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); ClassFactoryConfiguration cf = cm.ClassFactoryConfig; XmlNode classFactoryData = cf.GetFactoryData(factoryName); //obtain the type information string type = classFactoryData.Attributes["type"].Value; Type t = System.Type.GetType(type); //creat an instance of concrete class factory if (classFactoryData.Attributes["location"] != null) { string location = classFactoryData.Attributes["location"].Value; factory = Activator.GetObject(t, location); } else { factory = Activator.CreateInstance(t, null); } return(factory); }
/// <summary> /// decrypt the stream data asymmetrically using the security profile /// information stored in the configuration file /// </summary> /// <param name="data">encrypted stream data</param> /// <param name="profile">security profile name</param> /// <param name="key">generated key</param> /// <param name="iv">generated iv</param> /// <param name="signature">generated signature</param> /// <returns>decrypted stream</returns> public static Stream Decrypt(Stream data, string profile, byte[] key, byte[] iv, byte[] signature) { SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework"); CryptographyConfiguration cc = cm.CryptographyConfig; //retrieve the security profile information XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile); bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value); ICryptoTransform decryptor = null; RSACryptoServiceProvider provider = null; if (symmetric != false) { throw new System.Exception("This method id not intended for symmetric encryption"); } provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile); //retrieve the sender and receiver's certification information for decryption string senderCert = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText; string sendCertStore = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value; string receiverCert = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText; string receiverCertStore = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value; string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText; //obtain X509 certification object X509Certificate senderCertificate = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert); X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert); //retrieve the sender's private key and receiver's public RSAParameters sender_privateKey = senderCertificate.Key.ExportParameters(true); RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false); //import the public key information to verify the data provider.ImportParameters(receiver_publicKey); MemoryStream ms = new MemoryStream(); byte[] buffer = new Byte[1024]; int count = 0; while ((count = data.Read(buffer, 0, buffer.Length)) > 0) { ms.Write(buffer, 0, count); } byte[] encryptedData = ms.ToArray(); //data.Position = 0 ; //data.Read(encryptedData,0,encryptedData.Length); //verify if the data has been tempered with bool v = provider.VerifyData(encryptedData, new SHA1CryptoServiceProvider(), signature); if (v == false) { throw new CryptographicException(); } //import the private key information to decrypt data provider.ImportParameters(sender_privateKey); //decrypt the secret key and iv byte[] decryptedkey = provider.Decrypt(key, false); byte[] decryptediv = provider.Decrypt(iv, false); SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm); symmProvider.Key = decryptedkey; symmProvider.IV = decryptediv; decryptor = symmProvider.CreateDecryptor(); ms.Position = 0; //decrypt the stream CryptoStream decStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read); MemoryStream decrypted = new MemoryStream(); count = 0; while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0) { decrypted.Write(buffer, 0, count); } decrypted.Position = 0; return((Stream)decrypted); }