- Support for storing and retrieving the services' secrets in CASA, so

that the secrets can be retrieved during the system boot-up.
This commit is contained in:
Rajasekaran Nagarajan 2006-10-19 09:27:10 +00:00
parent 86515d118a
commit 879eaa39d6
11 changed files with 765 additions and 417 deletions

View File

@ -41,7 +41,7 @@ case $host_os in
;; ;;
*) *)
AC_CHECK_PROG(CSC, csc, csc) AC_CHECK_PROG(CSC, csc, csc)
test -z "$CSC" && AC_CHECK_PROG(CSC, mcs, mcs) test -z "$CSC" && AC_CHECK_PROG(CSC, gmcs, gmcs)
test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH]) test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH])
;; ;;
@ -51,7 +51,7 @@ case $CSC in
# #
# Mono-specific configuration # Mono-specific configuration
# #
mcs) gmcs)
CSC_EXEFLAG=/target:exe CSC_EXEFLAG=/target:exe
CSC_LIBFLAG=/target:library CSC_LIBFLAG=/target:library
CSC_EXEFLAG=/target:exe CSC_EXEFLAG=/target:exe

View File

@ -126,6 +126,7 @@ CSFILES_CSC := $(subst /,$(SEP),$(CSFILES))
CS_FLAGS = -d:LINUX -nowarn:169 CS_FLAGS = -d:LINUX -nowarn:169
CS_RESOURCES = CS_RESOURCES =
CS_LIBS =Mono.Posix.dll \ CS_LIBS =Mono.Posix.dll \
System.Security.dll \
nunit.core.dll \ nunit.core.dll \
nunit.framework.dll \ nunit.framework.dll \
nunit.extensions.dll \ nunit.extensions.dll \

View File

@ -55,11 +55,15 @@ namespace sscs.cache
private static int STATE_LOCKED = 2; private static int STATE_LOCKED = 2;
private LocalStorage lss = null; private LocalStorage lss = null;
bool bIsStorePersistent = false; private LocalStorage slss = null; // For Server Secrets
string m_persistenceDirectory = null;
private static string POLICY_DIRECTORY = "/home/.casa";
private MPFileWatcher mpWatcher = null; bool bIsStorePersistent = false;
bool bIsServerStorePersistent = false;
string m_persistenceDirectory = null;
private static string POLICY_DIRECTORY = "/home/.casa";
private MPFileWatcher mpWatcher = null;
private DateTime createTime; private DateTime createTime;
public DateTime CreateTime public DateTime CreateTime
@ -175,10 +179,74 @@ namespace sscs.cache
catch catch
{ {
} }
return false; return false;
} }
internal bool StartPersistenceOfServerSecretsBySystemKey()
{
// make sure we have a Persistence Directory
if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1 || !Directory.Exists(GetPersistenceDirectory()))
{
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - No Persistence directory yet");
CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]");
return false;
}
try
{
byte[] baPasscode;
/* Persistence could have started because the user
* could have set master password.
*/
if(slss != null && bIsServerStorePersistent == true)
{
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Server Secrets Store is already persistent");
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - Started");
return true;
}
if(!File.Exists(GetServerPasscodeBySystemKeyFilePath()))
{
/*
if (File.Exists(GetServerPasscodeByMasterPasswdFilePath()))
{
// wait for the user to start the Persistence by entering MP
return false;
}
*/
baPasscode = CASACrypto.GenerateServerMasterPasscode(
GetServerPasscodeBySystemKeyFilePath(),
GetServerValidationFilePath());
if( null == baPasscode )
{
return false;
}
if(!File.Exists(GetServerKeyFilePath()))
{
GenerateAndStoreEncryptionKey(baPasscode, GetServerKeyFilePath());
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(GetServerPasscodeBySystemKeyFilePath());
if(CASACrypto.ValidatePasscode(baPasscode,GetServerValidationFilePath()))
{
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
}
return false;
}
internal bool StartPersistenceByDesktopPasswd(string desktopPasswd) internal bool StartPersistenceByDesktopPasswd(string desktopPasswd)
{ {
CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called"); CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called");
@ -246,7 +314,7 @@ namespace sscs.cache
if(!File.Exists(GetKeyFilePath())) if(!File.Exists(GetKeyFilePath()))
{ {
GenerateAndStoreEncryptionKey(baPasscode); GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
lss = new LocalStorage(this,baPasscode); lss = new LocalStorage(this,baPasscode);
bIsStorePersistent = true; bIsStorePersistent = true;
return true; return true;
@ -286,7 +354,7 @@ namespace sscs.cache
return false; return false;
} }
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode) internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName)
{ {
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
byte[] key; byte[] key;
@ -297,9 +365,7 @@ namespace sscs.cache
myRijndael.GenerateKey(); myRijndael.GenerateKey();
key = myRijndael.Key; key = myRijndael.Key;
CASACrypto.StoreKeySetUsingMasterPasscode(key,IV, CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName);
baPasscode,
GetKeyFilePath());
} }
catch (Exception e) catch (Exception e)
{ {
@ -308,7 +374,6 @@ namespace sscs.cache
return true; return true;
} }
internal bool SetMasterPassword(string mPasswdFromIDK) internal bool SetMasterPassword(string mPasswdFromIDK)
{ {
try try
@ -341,12 +406,17 @@ namespace sscs.cache
else else
{ {
// try old method // try old method
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true); baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(
desktopPasswd,
GetPasscodeByDesktopFilePath(),
true);
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
{ {
// rewrite file using new method // rewrite file using new method
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode,
desktopPasswd,
GetPasscodeByDesktopFilePath());
CASACrypto.EncryptAndStoreMasterPasscodeUsingString( CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode, baPasscode,
@ -406,7 +476,7 @@ namespace sscs.cache
{ {
if(!File.Exists(GetKeyFilePath())) if(!File.Exists(GetKeyFilePath()))
{ {
GenerateAndStoreEncryptionKey(baPasscode); GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
} }
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath()); CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
@ -674,6 +744,8 @@ namespace sscs.cache
{ {
if (lss != null) if (lss != null)
lss.PersistStoreWithDelay(); lss.PersistStoreWithDelay();
if (slss != null)
slss.PersistServerStoreWithDelay();
} }
/* This function would need to do any storage/cleanup required /* This function would need to do any storage/cleanup required
@ -682,7 +754,9 @@ namespace sscs.cache
internal bool CommitStore() internal bool CommitStore()
{ {
if(lss != null) if(lss != null)
lss.PersistStore(); lss.PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
if(slss != null)
slss.PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
return true; return true;
} }
@ -724,6 +798,7 @@ namespace sscs.cache
{ {
return state; return state;
} }
internal int GetNumKeyChains() internal int GetNumKeyChains()
{ {
return keyChainList.Count; return keyChainList.Count;
@ -824,7 +899,8 @@ namespace sscs.cache
// let's migrate the files if needed // let's migrate the files if needed
string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName(); string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName();
try { try
{
if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0) if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0)
return sNewPath; return sNewPath;
@ -846,7 +922,6 @@ namespace sscs.cache
} }
return (sNewPath); return (sNewPath);
} }
internal bool SetPeristenceDirectory(string sNewDirectory) internal bool SetPeristenceDirectory(string sNewDirectory)
@ -866,7 +941,6 @@ namespace sscs.cache
} }
return false; return false;
} }
internal string GetKeyFilePath() internal string GetKeyFilePath()
@ -897,14 +971,42 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_VALIDATION_FILE; return persistDir + ConstStrings.MICASA_VALIDATION_FILE;
} }
internal string GetServerKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_KEY_FILE;
}
internal string GetServerPasscodeBySystemKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE;
}
internal string GetServerPasscodeByMasterPasswdFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE;
}
internal string GetServerSecretsPersistenceFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PERSISTENCE_FILE;
}
internal string GetServerValidationFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal byte[] GetSecrets(string sEncryptionString) internal byte[] GetSecrets(string sEncryptionString)
{ {
if (lss != null) if (lss != null)
{ {
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this); MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
byte[] baSecrets = ms.ToArray(); byte[] baSecrets = ms.ToArray();
// encrypt if an encryptionstring was passed // encrypt if an encryptionstring was passed

View File

@ -79,6 +79,7 @@ namespace sscs.constants
internal class ConstStrings internal class ConstStrings
{ {
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID"; internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
internal static string SSCS_SERVER_KEY_CHAIN_ID = "SSCS_SERVER_KEY_CHAIN_ID";
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID"; internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID"; internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID"; internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
@ -106,23 +107,40 @@ namespace sscs.constants
// would be stored // would be stored
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop"; internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
// The file where the passcode is stored encrypted with the system key.
// The system key here is the key used with the default key container
// for the user in Mono environment.
internal static string MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE = "/.miCASASrvPCBySysKey";
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd"; internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
// The passcode encrypted with the key derived from the masster password.
// The master password is the same as the one used with the user's application credentials.
internal static string MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASASrvPCByMPasswd";
//The file where all possible passwds are cross encrypted and //The file where all possible passwds are cross encrypted and
//stored to provide multiple recovery points. //stored to provide multiple recovery points.
internal static string MICASA_KEY_FILE = "/.miCASAKey"; internal static string MICASA_KEY_FILE = "/.miCASAKey";
internal static string MICASA_SERVER_KEY_FILE = "/.miCASASrvKey";
//The file where the user's credentials are persisted. //The file where the user's credentials are persisted.
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA"; internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
//The file where the services' credentials are persisted.
internal static string MICASA_SERVER_PERSISTENCE_FILE = "/.miCASASrv";
//The file required to validate the desktop passwd //The file required to validate the desktop passwd
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate"; internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
//The file required to validate the passcode
internal static string MICASA_SERVER_VALIDATION_FILE = "/.miCASASrvValidate";
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString"; internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
// these are used in the GUI too. // these are used in the GUI too.
internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory"; internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory";
internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets"; internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets";
internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword"; internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword";
} }

View File

@ -91,6 +91,7 @@ namespace sscs.common
ss = user.GetSecretStore(); ss = user.GetSecretStore();
ss.IncrRefCount(); ss.IncrRefCount();
ss.CreateTime = DateTime.Now; ss.CreateTime = DateTime.Now;
ss.StartPersistenceOfServerSecretsBySystemKey();
return ss; return ss;
} }
} }

View File

@ -38,8 +38,9 @@ abstract class IPCChannel
#if LINUX #if LINUX
internal static IPCChannel Create(Socket socket) internal static IPCChannel Create(Socket socket)
{ {
if(( (int)Environment.OSVersion.Platform) == 128) int platform = (int)Environment.OSVersion.Platform;
return (new UnixIPCChannel(socket) ); if(( platform ==4 ) || ( platform == 128 ))
return (new UnixIPCChannel(socket) ) ;
else else
return null; return null;
} }

View File

@ -253,7 +253,7 @@ namespace sscs.crypto
fsEncrypt.Write(hash,0,hash.Length); fsEncrypt.Write(hash,0,hash.Length);
fsEncrypt.Flush(); fsEncrypt.Flush();
#if CLEAR #if true//#if CLEAR //RAJ
byte[] dup = (byte[])xmlData.Clone(); byte[] dup = (byte[])xmlData.Clone();
// write clear file // write clear file
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create); FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
@ -642,7 +642,49 @@ namespace sscs.crypto
} }
return null; return null;
} }
//internal static string GenerateMasterPasscodeUsingDesktopPasswd(
internal static byte[] GetServerMasterPasscodeUsingMasterPasswd(
string mPasswd,
string fileName,
bool bUseOldMethod)
{
return GetMasterPasscodeUsingMasterPasswd ( mPasswd, fileName, bUseOldMethod);
}
internal static byte[] GetServerMasterPasscodeUsingSystemKey(string fileName)
{
byte[] baSavedMasterPasscode = null;
try
{
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if (!File.Exists(fileName))
#endif
{
return null;
}
FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
byte [] encryptedMasterPasscode = new byte[fs.Length];
fs.Read(encryptedMasterPasscode, 0, (int) fs.Length);
fs.Close();
baSavedMasterPasscode = new byte[16];
baSavedMasterPasscode = ProtectedData.Unprotect( encryptedMasterPasscode, null, DataProtectionScope.CurrentUser );
}
catch (CryptographicException e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode using the system key");
baSavedMasterPasscode = null;
}
return baSavedMasterPasscode;
}
internal static byte[] GenerateMasterPasscodeUsingString( internal static byte[] GenerateMasterPasscodeUsingString(
string desktopPasswd, string desktopPasswd,
string fileName, string fileName,
@ -678,6 +720,42 @@ namespace sscs.crypto
return null; return null;
} }
internal static byte[] GenerateServerMasterPasscode(
string fileName,
string validationFile
)
{
byte[] baPasscode = null;
try
{
// use AES to generate a random 16 byte key;
RijndaelManaged myRijndael = new RijndaelManaged();
myRijndael.KeySize = 128;
//Create a new key and initialization vector.
myRijndael.GenerateKey();
baPasscode = myRijndael.Key;
byte [] encryptedMasterPasscode = ProtectedData.Protect( baPasscode, null, DataProtectionScope.CurrentUser );
FileStream fs = new FileStream(fileName, FileMode.Create);
File.SetAttributes(fileName, FileAttributes.Hidden);
fs.Write(encryptedMasterPasscode, 0, encryptedMasterPasscode.Length);
fs.Flush();
fs.Close();
EncryptDataAndWriteToFile(
Encoding.Default.GetBytes(ConstStrings.MICASA_VALIDATION_STRING),
baPasscode,
validationFile);
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Generation of master passcode failed.");
baPasscode = null;
}
return baPasscode;
}
public static bool ValidatePasscode(byte[] baPasscode, string fileName) public static bool ValidatePasscode(byte[] baPasscode, string fileName)
{ {
/* Here we decrpyt a well known string, throw exception /* Here we decrpyt a well known string, throw exception

View File

@ -65,6 +65,7 @@ namespace sscs.lss
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30; private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
private Thread persistThread = null; private Thread persistThread = null;
private Thread sPersistThread = null;
#if LINUX #if LINUX
Mono.Unix.UnixFileSystemInfo sockFileInfo; Mono.Unix.UnixFileSystemInfo sockFileInfo;
@ -73,13 +74,22 @@ namespace sscs.lss
private static string LINUXID = "Unix"; private static string LINUXID = "Unix";
internal LocalStorage(SecretStore store, byte[] baMasterPasscode, bool dummy) // Merge this with the next cons - RAJ
{
userStore = store;
m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
//userStore.DumpSecretstore();
}
internal LocalStorage(SecretStore store,byte[] baMasterPasscode) internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
{ {
userStore = store; userStore = store;
m_baGeneratedKey = baMasterPasscode; m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(); LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore(); userStore.DumpSecretstore();
} }
~LocalStorage() ~LocalStorage()
{ {
if(persistThread != null) if(persistThread != null)
@ -87,6 +97,12 @@ namespace sscs.lss
persistThread.Abort(); persistThread.Abort();
persistThread.Join(); persistThread.Join();
} }
if(sPersistThread != null)
{
sPersistThread.Abort();
sPersistThread.Join();
}
} }
// allowing a user to choose the storage location is not approved yet // allowing a user to choose the storage location is not approved yet
@ -95,7 +111,7 @@ namespace sscs.lss
{ {
userStore = store; userStore = store;
m_baGeneratedKey = baMasterPasscode; m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(); LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore(); userStore.DumpSecretstore();
} }
@ -120,6 +136,15 @@ namespace sscs.lss
} }
} }
public void PersistServerStoreWithDelay()
{
if (sPersistThread == null)
{
sPersistThread = new Thread(new ThreadStart(PersistServerStoreDelayThreadFn));
sPersistThread.Start();
}
}
public bool StopPersistence() public bool StopPersistence()
{ {
if(persistThread != null) if(persistThread != null)
@ -130,6 +155,16 @@ namespace sscs.lss
return true; return true;
} }
public bool StopServerPersistence()
{
if(sPersistThread != null)
{
sPersistThread.Abort();
sPersistThread.Join();
}
return true;
}
public bool IsOwnedByRoot(string fileName) public bool IsOwnedByRoot(string fileName)
{ {
#if LINUX #if LINUX
@ -144,6 +179,73 @@ namespace sscs.lss
#endif #endif
} }
private string GetDecryptedServerSecretsXml()
{
try
{
string fileName = userStore.GetServerSecretsPersistenceFilePath();
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName))
{
while(true)
{
// check for tmp file
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
return null;
}
// delete tmp file if there
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
byte[] baPasscode = null;
if (null != m_baGeneratedKey)
baPasscode = m_baGeneratedKey;
else
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(userStore.GetServerPasscodeBySystemKeyFilePath());
if( null == baPasscode )
return null;
byte[] key = CASACrypto.GetKeySetFromFile(baPasscode,userStore.GetServerKeyFilePath());
if( null == key )
return null;
byte[] decryptedBuffer = CASACrypto.ReadFileAndDecryptData(key,fileName);
if( null == decryptedBuffer )
return null;
string temp = Encoding.UTF8.GetString(decryptedBuffer, 0, decryptedBuffer.Length);
return temp;
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to get persistent store");
}
return null;
}
private string GetDecryptedXml() private string GetDecryptedXml()
{ {
@ -212,17 +314,23 @@ namespace sscs.lss
} }
return null; return null;
} }
/* This method, uses the key to decrypt the persistent store /* This method, uses the key to decrypt the persistent store
* and populates userStore with the persistent data. * and populates userStore with the persistent data.
*/ */
private bool LoadPersistentStore() private bool LoadPersistentStore(string keyChainId)
{ {
try try
{ {
string xpath = ""; //string xpath = "";
XmlDocument doc = new XmlDocument(); XmlDocument doc = new XmlDocument();
string xmlToLoad = GetDecryptedXml(); string xmlToLoad = null;
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedXml();
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedServerSecretsXml();
if(xmlToLoad != null) if(xmlToLoad != null)
{ {
doc.LoadXml(xmlToLoad); doc.LoadXml(xmlToLoad);
@ -403,24 +511,40 @@ namespace sscs.lss
private void PersistStoreDelayThreadFn() private void PersistStoreDelayThreadFn()
{ {
Thread.Sleep(15000); Thread.Sleep(15000);
PersistStore(); PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
persistThread = null; persistThread = null;
} }
private void PersistServerStoreDelayThreadFn()
{
Thread.Sleep(15000);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
sPersistThread = null;
}
private void PersistStoreThreadFn() private void PersistStoreThreadFn()
{ {
while(true) while(true)
{ {
Thread.Sleep(persistThreadSleepTime); Thread.Sleep(persistThreadSleepTime);
PersistStore(); PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
} }
} }
private void PersistServerStoreThreadFn()
{
while(true)
{
Thread.Sleep(persistThreadSleepTime);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
}
}
/* Persists the store to an xml file. /* Persists the store to an xml file.
* TBD : Would we require any form of encoding? * TBD : Would we require any form of encoding?
*/ */
internal void PersistStore() internal void PersistStore(string keyChainId)
{ {
string sPeristSecrets = null; string sPeristSecrets = null;
@ -434,18 +558,31 @@ namespace sscs.lss
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0"))) if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
{ {
// delete .miCASA file and .IV file // delete .miCASA file and .IV file
File.Delete(userStore.GetPersistenceFilePath()); if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
File.Delete(userStore.GetPersistenceFilePath());
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
File.Delete(userStore.GetServerSecretsPersistenceFilePath());
return; return;
} }
//userStore.DumpSecretstore(); //userStore.DumpSecretstore();
try try
{ {
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore); MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore, keyChainId);
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath()); byte[] key = null;
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath()); string fileName = null;
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
{
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
fileName = userStore.GetPersistenceFilePath();
}
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
{
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetServerKeyFilePath());
fileName = userStore.GetServerSecretsPersistenceFilePath();
}
string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName; string tempFile = fileName;
int count=0; int count=0;
@ -488,7 +625,7 @@ namespace sscs.lss
} }
} }
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore) internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore, string keyChainId)
{ {
try try
{ {
@ -506,13 +643,16 @@ namespace sscs.lss
while( iter.MoveNext() ) while( iter.MoveNext() )
{ {
KeyChain kc = (KeyChain)iter.Value; KeyChain kc = (KeyChain)iter.Value;
writer.WriteStartElement(XmlConsts.keyChainNode);
string kcId = kc.GetKey(); string kcId = kc.GetKey();
tmpId = new char[kcId.Length-1]; tmpId = new char[kcId.Length-1];
for(int i = 0; i < kcId.Length-1; i++ ) for(int i = 0; i < kcId.Length-1; i++ )
tmpId[i] = kcId[i]; tmpId[i] = kcId[i];
sTmpId = new string(tmpId); sTmpId = new string(tmpId);
if( ( keyChainId != null ) && ( keyChainId != sTmpId ))
continue;
writer.WriteStartElement(XmlConsts.keyChainNode);
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
// If we need to store time // If we need to store time
writer.WriteStartElement(XmlConsts.timeNode); writer.WriteStartElement(XmlConsts.timeNode);

View File

@ -50,6 +50,7 @@ case "$1" in
if ! is_running; then \ if ! is_running; then \
echo -n "Starting miCASA daemon" echo -n "Starting miCASA daemon"
$MICASAD_BIN $MICASAD_BIN
sleep 2
fi fi
# Remember status and be verbose # Remember status and be verbose
rc_status -v rc_status -v

View File

@ -165,6 +165,11 @@ namespace sscs.verbs
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId); SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
if((keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0") && (!ssStore.CheckIfKeyChainExists(keyChainId)))
{
ssStore.AddKeyChain(new KeyChain(keyChainId));
}
if( ssStore.CheckIfKeyChainExists(keyChainId) ) if( ssStore.CheckIfKeyChainExists(keyChainId) )
{ {
keyChain = ssStore.GetKeyChain(keyChainId); keyChain = ssStore.GetKeyChain(keyChainId);

View File

@ -171,6 +171,7 @@ namespace sscs.verbs
ssStore.StartPersistenceByDesktopPasswd(passwd); ssStore.StartPersistenceByDesktopPasswd(passwd);
} }
} }
ssStore.UpdatePersistentStore();
} }
else else
{ {