Changeset 6568


Timestamp:
Oct 13, 2015, 9:04:19 PM (6 years ago)
Author:
konze
Message:

VoluntLib:
Added BannedUserCertificate/AdminUserCertificate List

CrypCloudCore:
added Banned/Admin List

CrypCloudManager:
added warning when banned user tries to log in

Location:
trunk
Files:
2 added
12 edited

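--- a/trunk/CrypCloud/CrypCloudCore/CrypCloudCore.cs
+++ b/trunk/CrypCloud/CrypCloudCore/CrypCloudCore.cs
@@ -16,4 +16,5 @@
 using voluntLib.common.eventArgs;
 using voluntLib.common.interfaces;
+using voluntLib.communicationLayer;
 using voluntLib.logging;
 using voluntLib.managementLayer.localStateManagement.states;
@@ -58,4 +59,10 @@
         private VoluntLib InitVoluntLib()
         {
+            var adminCertificates = Resources.adminCertificates.Replace("\r","") ;
+            var adminList = adminCertificates.Split('\n').ToList();
+           
+            var bannedCertificates = Resources.bannedCertificates.Replace("\r","") ;
+            var bannedList = bannedCertificates.Split('\n').ToList();
+
             var vlib = new VoluntLib
             {
@@ -63,5 +70,8 @@
                 EnablePersistence = true,
                 LoadDataFromLocalStorage = true,
+                AdminCertificateList = adminList,
+                BannedCertificateList = bannedList,
                 LocalStoragePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "CrypCloud" + Path.DirectorySeparatorChar + "VoluntLibStore.xml")
+
             };
             vlib.JobListChanged += OnJobListChanged;
@@ -81,4 +91,5 @@
                 return false;
             }
+
             var rootCertificate = new X509Certificate2(Resources.rootCA);
             voluntLib.InitAndStart(rootCertificate, ownCertificate);
@@ -123,9 +134,24 @@
             return voluntLib.GetVisualizationOfJobState(jobId);
         }
-
-        //TODO @ckonze add admin names/move function over to voluntlib
+         
         public bool UserCanDeleteJob(NetworkJob job)
         {
-            return job.Creator.Equals(voluntLib.CertificateName);
+            return voluntLib.CanUserDeleteJob(job);
+        }
+
+
+        public bool IsBannedCertificate(X509Certificate2 certificate)
+        {
+
+            var rootCertificate = new X509Certificate2(Resources.rootCA);
+            var bannedCertificates = Resources.bannedCertificates.Replace("\r","") ;
+            var bannedList = bannedCertificates.Split('\n').ToList();
+
+            var certificateService = new CertificateService(rootCertificate, certificate)
+            {
+                BannedCertificateList = bannedList
+            };
+
+            return certificateService.IsBannedCertificate(certificate);
         }
 
@@ -378,4 +404,6 @@
             return (stateOfJob != null) ? stateOfJob.EpochNumber : 0;
         }
+
+       
     }
 }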
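Review bot: The admin and ban lists are parsed with `Replace("\r","")` plus `Split('\n').ToList()` in two places (InitVoluntLib and IsBannedCertificate), which keeps empty lines and any surrounding whitespace, so an entry such as `N:hans ` in bannedCertificates.txt never matches and the ban is silently ineffective. One shared helper that drops empty entries and trims, e.g. `text.Split(new[] {'\r','\n'}, StringSplitOptions.RemoveEmptyEntries).Select(e => e.Trim()).ToList()`, would keep both call sites in agreement. IsBannedCertificate also builds a complete `CertificateService` with the candidate as its own certificate just to call one method; judging from the constructor lines visible in CertificateService.cs that constructor validates the certificate, so a failure there may surface at login as something other than "banned" — worth confirming. InitVoluntLib continues outside the visible hunks.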
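--- a/trunk/CrypCloud/CrypCloudCore/CrypCloudCore.csproj
+++ b/trunk/CrypCloud/CrypCloudCore/CrypCloudCore.csproj
@@ -102,4 +102,10 @@
     <None Include="rootCA.crt" />
   </ItemGroup>
+  <ItemGroup>
+    <Resource Include="adminCertificates.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <Resource Include="bannedCertificates.txt" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it.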
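--- a/trunk/CrypCloud/CrypCloudCore/Properties/Resources.Designer.cs
+++ b/trunk/CrypCloud/CrypCloudCore/Properties/Resources.Designer.cs
@@ -2,5 +2,5 @@
 // <auto-generated>
 //     Dieser Code wurde von einem Tool generiert.
-//     Laufzeitversion:4.0.30319.1
+//     Laufzeitversion:4.0.30319.42000
 //
 //     Änderungen an dieser Datei können falsches Verhalten verursachen und gehen verloren, wenn
@@ -61,4 +61,27 @@
         }
        
+        /// <summary>
+        ///   Sucht eine lokalisierte Zeichenfolge, die N:ckonze
+        /// ähnelt.
+        /// </summary>
+        public static string adminCertificates {
+            get {
+                return ResourceManager.GetString("adminCertificates", resourceCulture);
+            }
+        }
+       
+        /// <summary>
+        ///   Sucht eine lokalisierte Zeichenfolge, die N:asdasd8
+        /// ähnelt.
+        /// </summary>
+        public static string bannedCertificates {
+            get {
+                return ResourceManager.GetString("bannedCertificates", resourceCulture);
+            }
+        }
+       
+        /// <summary>
+        ///   Sucht eine lokalisierte Ressource vom Typ System.Byte[].
+        /// </summary>
         public static byte[] rootCA {
             get {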
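--- a/trunk/CrypCloud/CrypCloudCore/Properties/Resources.resx
+++ b/trunk/CrypCloud/CrypCloudCore/Properties/Resources.resx
@@ -125,3 +125,9 @@
     <value>s</value>
   </data>
+  <data name="adminCertificates" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>..\adminCertificates.txt;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;utf-8</value>
+  </data>
+  <data name="bannedCertificates" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>..\bannedCertificates.txt;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;utf-8</value>
+  </data>
 </root>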
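--- a/trunk/CrypCloud/CrypCloudManager/CrypCloudPresentation.xaml
+++ b/trunk/CrypCloud/CrypCloudManager/CrypCloudPresentation.xaml
@@ -2,8 +2,8 @@
              xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
              xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
-             xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" 
+             xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
              xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
-             xmlns:screens="clr-namespace:CrypCloud.Manager.Screens" 
-             mc:Ignorable="d" >
+             xmlns:screens="clr-namespace:CrypCloud.Manager.Screens"
+             mc:Ignorable="d">
 
     <UserControl.Resources>
@@ -25,10 +25,10 @@
 
         <screens:Login x:Name="Login" />
-        <screens:JobList x:Name="JobList"/>
-        <screens:JobCreation x:Name="JobCreation"/>
-        <screens:CreateAccount x:Name="CreateAccount"/>
-        <screens:ResetPassword x:Name="ResetPassword"/>
+        <screens:JobList x:Name="JobList" />
+        <screens:JobCreation x:Name="JobCreation" />
+        <screens:CreateAccount x:Name="CreateAccount" />
+        <screens:ResetPassword x:Name="ResetPassword" />
 
-        </StackPanel>
+    </StackPanel>
 
 </UserControl>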
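--- a/trunk/CrypCloud/CrypCloudManager/Screens/Login.xaml
+++ b/trunk/CrypCloud/CrypCloudManager/Screens/Login.xaml
@@ -42,6 +42,5 @@
                         </Grid.ColumnDefinitions>
                        
-                        <Image Name="Erroricon" Width="25" Grid.Row="1" Source="..\..\images\error.png" HorizontalAlignment="Left"/>
-                        <TextBlock Text="{Binding Path=ErrorMessage}" Foreground="Red" Margin="35,0,0,0" Grid.Row="1" Grid.ColumnSpan="2" TextWrapping="Wrap"/>
+                         <TextBlock Text="{Binding Path=ErrorMessage}" Foreground="Red" Margin="35,0,0,0" Grid.Row="1" Grid.ColumnSpan="2" TextWrapping="Wrap"/>
                     </Grid>
                 </Border>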
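--- a/trunk/CrypCloud/CrypCloudManager/ViewModels/LoginVM.cs
+++ b/trunk/CrypCloud/CrypCloudManager/ViewModels/LoginVM.cs
@@ -2,5 +2,4 @@
 using System.Collections.Generic;
 using System.Security;
-using CertificateLibrary.Network;
 using CrypCloud.Core;
 using CrypCloud.Manager.Services;
@@ -12,4 +11,13 @@
     public class LoginVM : BaseViewModel
     {
+        public LoginVM()
+        {
+            AvailableCertificates = new List<string>(CertificateHelper.GetNamesOfKnownCertificates());
+            CreateNewAccountCommand = new RelayCommand(it => Navigator.ShowScreenWithPath(ScreenPaths.CreateAccount));
+            ResetPasswordCommand = new RelayCommand(it => Navigator.ShowScreenWithPath(ScreenPaths.ResetPassword));
+
+            LoginCommand = new RelayCommand(it => GetCertificateAndLogin());
+        }
+
         public List<string> AvailableCertificates { get; set; }
 
@@ -21,15 +29,6 @@
         public RelayCommand ResetPasswordCommand { get; set; }
 
-        public LoginVM()
-        {
-            AvailableCertificates = new List<string>(CertificateHelper.GetNamesOfKnownCertificates());
-            CreateNewAccountCommand = new RelayCommand(it => Navigator.ShowScreenWithPath(ScreenPaths.CreateAccount));
-            ResetPasswordCommand = new RelayCommand(it => Navigator.ShowScreenWithPath(ScreenPaths.ResetPassword));
-
-            LoginCommand = new RelayCommand(it => GetCertificateAndLogin());
-        }
-
         /// <summary>
-        /// Is called when the user clicks the login button
+        ///     Is called when the user clicks the login button
         /// </summary>
         private void GetCertificateAndLogin()
@@ -52,4 +51,11 @@
             }
 
+            if (CrypCloudCore.Instance.IsBannedCertificate(certificate))
+            {
+                ErrorMessage = "Your Certificate has been banned";
+                return; 
+            }
+
+
             if (CrypCloudCore.Instance.Login(certificate))
             {
@@ -57,4 +63,6 @@
                 Navigator.ShowScreenWithPath(ScreenPaths.JobList);
             }
+
+
             ErrorMessage = "";
         }
@@ -66,5 +74,5 @@
         private void LoadRemoteCertificateAndLogin()
         {
-            var errorAction = new Action<string>(msg => ErrorMessage = msg); 
+            var errorAction = new Action<string>(msg => ErrorMessage = msg);
             var request = new CertificateRequest(Username, null, Password.ToUnsecuredString());
 
@@ -87,5 +95,4 @@
 
         #endregion
-
     }
 }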
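Review bot: The new `IsBannedCertificate` check sits only in GetCertificateAndLogin, ahead of `CrypCloudCore.Instance.Login(certificate)`; LoadRemoteCertificateAndLogin is only partly visible here, so if it reaches `Login` on its own path a banned certificate would get no warning there. Performing the check inside `CrypCloudCore.Login` itself would cover every caller. A short comment should also say that this is a user-facing hint and not the enforcement point: a client can be rebuilt without it, and what keeps a banned peer out is the `IsBannedCertificate` rejection added to the signature check in CertificateService.cs. Both methods continue outside the visible hunks.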
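--- a/trunk/LibSource/voluntLib/VoluntLib.cs
+++ b/trunk/LibSource/voluntLib/VoluntLib.cs
@@ -180,4 +180,39 @@
         public LogMode LogMode { get; set; }
 
+        /// <summary>
+        /// A list containing all certificate ids or usernames that are considerd to have admin privileges
+        /// An entry for the certificate with the subjectname hans has be N:hans
+        /// An entry for the certificate with the serialnumeber 1234 has be SN:1234
+        /// </summary>
+        public List<string> AdminCertificateList
+        {
+            get { return adminCertificateList; }
+            set
+            {
+                adminCertificateList = value;
+                if (CertificateService != null)
+                {
+                    CertificateService.AdminCertificateList = adminCertificateList;
+                }
+            }
+        }
+       
+        /// <summary>
+        /// A list containing all certificate ids or usernames that are banned within the current network
+        /// An entry for the certificate with the subjectname hans has be N:hans
+        /// An entry for the certificate with the serialnumeber 1234 has be SN:1234
+        /// </summary>
+        public List<string> BannedCertificateList
+        {
+            get { return bannedCertificateList; }
+            set
+            {
+                bannedCertificateList = value;
+                if (CertificateService != null)
+                {
+                    CertificateService.BannedCertificateList = bannedCertificateList;
+                }
+            }
+        }
 
         #endregion
@@ -227,4 +262,9 @@
         protected NetworkBridgeCommunicationLayer NetworkBridgeCommunicationLayer { get; private set; }
         protected NetworkBridgeManagementLayer NetworkBridgeManagementLayer { get; private set; }
+
+        protected CertificateService CertificateService;
+
+        private List<string> adminCertificateList = new List<string>();
+        private List<string> bannedCertificateList = new List<string>();
 
         #endregion internal Members
@@ -245,4 +285,5 @@
             IsStarted = false;
             IsInitialized = false;
+            AdminCertificateList = new List<string>();
             LogMode = LogMode.NLogConfig;
         }
@@ -350,5 +391,11 @@
             };
 
-            CommunicationLayer = new CommunicationLayer(ManagementLayer, caCertificate, ownCertificate, communicator);
+            CertificateService = new CertificateService(caCertificate, ownCertificate)
+            {
+                AdminCertificateList = AdminCertificateList,
+                BannedCertificateList = BannedCertificateList
+            };
+
+            CommunicationLayer = new CommunicationLayer(ManagementLayer, CertificateService, communicator);
 
             //adding outbounding NetworkBridges
@@ -361,9 +408,9 @@
             //file communicator
             if (LoadDataFromLocalStorage || EnablePersistence || ClearLocalStorageOnStartUp)
-                SetupFileCommunicator(caCertificate, ownCertificate);
+                SetupFileCommunicator(CertificateService);
 
             //adding NATFree NetworkBridge
             if (receivingTCPCom != null)
-                SetupNATFreeNetworkBridge(caCertificate, ownCertificate);
+                SetupNATFreeNetworkBridge(CertificateService);
            
             if (LogMode == LogMode.EventBased)
@@ -391,9 +438,8 @@
 
         #region init-Helper
-        private void SetupNATFreeNetworkBridge(X509Certificate2 caCertificate, X509Certificate2 ownCertificate)
+        private void SetupNATFreeNetworkBridge(CertificateService certificateService)
         {
             NetworkBridgeManagementLayer = new NetworkBridgeManagementLayer(ManagementLayer);
-            NetworkBridgeCommunicationLayer = new NetworkBridgeCommunicationLayer(NetworkBridgeManagementLayer, caCertificate,
-                ownCertificate, receivingTCPCom);
+            NetworkBridgeCommunicationLayer = new NetworkBridgeCommunicationLayer(NetworkBridgeManagementLayer, certificateService, receivingTCPCom);
             NetworkBridgeManagementLayer.NetworkCommunicationLayer = NetworkBridgeCommunicationLayer;
             IsNATFreeNetworkBridge = true;
@@ -410,8 +456,8 @@
         }
 
-        private void SetupFileCommunicator(X509Certificate2 caCertificate, X509Certificate2 ownCertificate)
+        private void SetupFileCommunicator(CertificateService certificateService)
         {
             var fileCom = new FileCommunicator(LocalStoragePath, LoadDataFromLocalStorage, EnablePersistence,ClearLocalStorageOnStartUp);
-            var fileComLayer = new CommunicationLayer(ManagementLayer, caCertificate, ownCertificate, fileCom);
+            var fileComLayer = new CommunicationLayer(ManagementLayer, certificateService, fileCom);
 
             ManagementLayer.FileCommunicationLayer = fileComLayer;
@@ -1009,5 +1055,15 @@
         #endregion
 
-        
+        public bool CanUserDeleteJob(NetworkJob job)
+        {
+            ThrowErrorIfNotInitialized();
+            return job.Creator.Equals(CertificateName) || CertificateService.IsAdminCertificate(CertificateService.OwnCertificate);
+        }
+
+        public bool IsCertificateBanned(X509Certificate2 certificate)
+        {
+            ThrowErrorIfNotInitialized();
+            return CertificateService.IsBannedCertificate(certificate);
+        }
     }
 }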
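Review bot: Both new setters store `value` unchecked and forward it to `CertificateService`, and the matching `AdminCertificateList`/`BannedCertificateList` auto-properties added in CertificateService.cs have no initial value, so a null assignment (or a service constructed without both lists) leaves a null list that `IsAdminCertificate`/`IsBannedCertificate` then call `Contains` on. Because the ban check now runs inside signature validation, that turns a configuration slip into an exception for every received message; `bannedCertificateList = value ?? new List<string>();` in each setter, plus an empty-list default in the service constructor, keeps the check well-defined. The getters also return the live list, so a later `Add` by any holder changes the effective admin set without passing through the setter; handing out a copy would be tighter. The constructor hunk resets only `AdminCertificateList`, which the field initialiser already covers, so that line can go or be mirrored for the ban list.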
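--- a/trunk/LibSource/voluntLib/communicationLayer/CertificateService.cs
+++ b/trunk/LibSource/voluntLib/communicationLayer/CertificateService.cs
@@ -44,7 +44,9 @@
         private readonly X509Certificate2 caCertificate;
         private readonly RSACryptoServiceProvider csProvider;
-        private readonly X509Certificate2 ownCertificate;
+        public X509Certificate2 OwnCertificate { get; private set; }
 
         public string OwnName { get; private set; }
+        public List<string> AdminCertificateList { get; set; }
+        public List<string> BannedCertificateList { get; set; }
 
         #endregion
@@ -53,5 +55,5 @@
         {
             this.caCertificate = caCertificate;
-            this.ownCertificate = ownCertificate;
+            OwnCertificate = ownCertificate;
 
             if ( ! IsValidCertificate(ownCertificate))
@@ -73,6 +75,10 @@
             }
 
-            if (ownCertificate.SubjectName.Name != null)
-                OwnName = ownCertificate.SubjectName.Name.Split('=').Last();
+            OwnName = GetSubjectNameFromCertificate(ownCertificate);
+        }
+
+        private static string GetSubjectNameFromCertificate(X509Certificate2 cert)
+        {
+            return cert.SubjectName.Name != null ? cert.SubjectName.Name.Split('=').Last() : "";
         }
 
@@ -83,5 +89,7 @@
             if (senderCertificate == null)
                 return CertificateValidationState.Invalid;
-            
+
+            if (IsBannedCertificate(senderCertificate))
+                return CertificateValidationState.Invalid;
 
             //extract signature and replace with empty signature
@@ -92,4 +100,5 @@
             message.Header.SignatureData = originalSignature;
 
+
             // Verify the signature with the hash
             var provider = (RSACryptoServiceProvider) senderCertificate.PublicKey.Key;
@@ -134,5 +143,30 @@
                 return false;
 
-            //TODO waahaahahahahahaa add logic?
+            return IsAdminCertificate(senderCertificate);
+        }
+
+        public bool IsAdminCertificate(X509Certificate2 senderCertificate)
+        {
+            //by name
+            var senderName = GetSubjectNameFromCertificate(senderCertificate);
+            if (AdminCertificateList.Contains("N:" + senderName))
+                return true;
+
+            //by serial number
+            if (AdminCertificateList.Contains("SN:" + senderCertificate.SerialNumber))
+                return true;
+            return false;
+        }
+       
+        public bool IsBannedCertificate(X509Certificate2 senderCertificate)
+        {
+            //by name
+            var senderName = GetSubjectNameFromCertificate(senderCertificate);
+            if (BannedCertificateList.Contains("N:" + senderName))
+                return true;
+
+            //by serial number
+            if (BannedCertificateList.Contains("SN:" + senderCertificate.SerialNumber))
+                return true;
             return false;
         }
@@ -185,5 +219,5 @@
         private byte[] ExportOwnCertificate()
         {
-            return ownCertificate.Export(X509ContentType.Cert);
+            return OwnCertificate.Export(X509ContentType.Cert);
         }
 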
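Review bot: IsAdminCertificate and IsBannedCertificate key their name match on `GetSubjectNameFromCertificate`, which returns whatever follows the last `=` in the subject string rather than a specific attribute, so an authorization decision depends on attribute order and on the CA never issuing another certificate that ends in the same value. The generated resource comment on this page shows the shipped admin entry is name-based (`N:ckonze`); a serial-number entry (`SN:`) pins one certificate and is the safer form for the admin list. For the ban list the `Contains` match is case-sensitive and untrimmed, so `N:Hans` versus `N:hans` or a stray space in the file silently fails to match; a comparison such as `BannedCertificateList.Any(e => string.Equals(e.Trim(), "N:" + senderName, StringComparison.OrdinalIgnoreCase))` fits there, while the admin match should stay exact, since loosening it widens privileges. The method that contains the new `IsBannedCertificate` call in the signature check starts and ends outside the visible hunks.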
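--- a/trunk/LibSource/voluntLib/communicationLayer/CommunicationLayer.cs
+++ b/trunk/LibSource/voluntLib/communicationLayer/CommunicationLayer.cs
@@ -64,9 +64,8 @@
         #endregion
 
-        public CommunicationLayer(IManagementLayerCallback managementCallback, X509Certificate2 caCertificate, X509Certificate2 ownCertificate,
-            ICommunicator communicator)
-        {
+        public CommunicationLayer(IManagementLayerCallback managementCallback, CertificateService certificateHandler, ICommunicator communicator)
+        {
+            this.certificateHandler = certificateHandler;
             this.managementCallback = managementCallback;
-            certificateHandler = new CertificateService(caCertificate, ownCertificate);
             communicator.RegisterCommunicationLayer(this);
             communicators.Add(IPAddress.Broadcast, communicator);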
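--- a/trunk/LibSource/voluntLib/communicationLayer/NetworkBridgeCommunicationLayer.cs
+++ b/trunk/LibSource/voluntLib/communicationLayer/NetworkBridgeCommunicationLayer.cs
@@ -28,7 +28,6 @@
         private readonly ICommunicator communicator;
 
-        public NetworkBridgeCommunicationLayer(IManagementLayerCallback managementCallback, X509Certificate2 caCertificate,
-            X509Certificate2 ownCertificate, ICommunicator communicator) :
-                base(managementCallback, caCertificate, ownCertificate, communicator)
+        public NetworkBridgeCommunicationLayer(IManagementLayerCallback managementCallback, CertificateService certService, ICommunicator communicator) :
+            base(managementCallback, certService, communicator)
         {
             this.communicator = communicator;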
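--- a/trunk/LibSource/voluntLib/voluntLib.csproj
+++ b/trunk/LibSource/voluntLib/voluntLib.csproj
@@ -129,5 +129,4 @@
   </ItemGroup>
   <ItemGroup>
-    <None Include="ClassDiagram1.cd" />
     <None Include="NLog.config">
       <SubType>Designer</SubType>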