1986 lines
55 KiB
C#
1986 lines
55 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Text;
|
|
using System.Runtime.InteropServices;
|
|
using System.Management.Automation;
|
|
using System.Management.Automation.Provider;
|
|
using System.Management.Automation.Runspaces;
|
|
using System.Security.Principal;
|
|
using System.DirectoryServices;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using Intel.Management.Wsman;
|
|
using Intel.Management.Mei;
|
|
using System.Security;
|
|
using Common.Utils;
|
|
|
|
///AmtCrediental.cs has many Cmdlets that implement various types of credients
|
|
///Types of credendials include PSCredentials, Kerberos Credenitals, AD Objects,
|
|
namespace Intel.Management.PSModule.Amt
|
|
{
|
|
[Cmdlet(VerbsCommon.Get, "AmtCredential",
|
|
SupportsShouldProcess = true)]
|
|
|
|
public class AmtCredential : PSCmdlet, IDisposable
|
|
{
|
|
[Parameter(Mandatory = false, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Amt device user name")]
|
|
public string UserName
|
|
{
|
|
get { return _userName; }
|
|
set { _userName = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Amt device password")]
|
|
public SecureString Password
|
|
{
|
|
get { return _password; }
|
|
set
|
|
{
|
|
_password?.Dispose();
|
|
_password = value;
|
|
}
|
|
}
|
|
|
|
[Parameter(Mandatory = false)]
|
|
public SwitchParameter Force
|
|
{
|
|
get { return _force; }
|
|
set { _force = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
if (string.IsNullOrEmpty(_userName) && _password == null)
|
|
{
|
|
Intel.Management.Mei.MeDevice me = new Intel.Management.Mei.MeDevice();
|
|
_userName = me.LocalConnection.Username;
|
|
_password = me.LocalConnection.Password;
|
|
}
|
|
if (string.IsNullOrEmpty(_userName))
|
|
_userName="admin";
|
|
if (_password == null)
|
|
_password=UserName.ConvertToSecureString();
|
|
|
|
WriteObject(new PSCredential(_userName,_password.Copy()));
|
|
}
|
|
|
|
string _userName;
|
|
SecureString _password;
|
|
bool _force;
|
|
|
|
#region IDisposable Implementation
|
|
|
|
private bool _disposed = false;
|
|
|
|
/// <summary>
|
|
/// Implement IDisposable method
|
|
/// </summary>
|
|
/// <param name="disposing"></param>
|
|
protected virtual void Dispose(bool disposing)
|
|
{
|
|
if (_disposed)
|
|
return;
|
|
if (disposing)
|
|
{
|
|
_password?.Dispose();
|
|
}
|
|
|
|
_disposed = true;
|
|
}
|
|
public void Dispose()
|
|
{
|
|
Dispose(true);
|
|
GC.SuppressFinalize(this);
|
|
}
|
|
~AmtCredential()
|
|
{
|
|
Dispose(false);
|
|
}
|
|
#endregion
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Converts a Digest realm and key to a password
|
|
/// </summary>
|
|
[Cmdlet(VerbsData.ConvertTo, "AmtPassword", SupportsShouldProcess = true) ]
|
|
public class CovertToPasswordCmd : PSCmdlet
|
|
{
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "A base64 encoded Master password" )]
|
|
public System.Security.SecureString MasterPassword
|
|
{
|
|
get { return _secureKey; }
|
|
set { _secureKey = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Target Digest Realm")]
|
|
public string DigestRealm
|
|
{
|
|
get { return _realm; }
|
|
set { _realm = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 2, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Target Digest user")]
|
|
public string Username
|
|
{
|
|
get { return _user; }
|
|
set { _user = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 3, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Convert the password to plain text")]
|
|
public SwitchParameter AsPlainText
|
|
{
|
|
get { return _asPlainText; }
|
|
set { _asPlainText = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 4, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Force the password to be plain text")]
|
|
public SwitchParameter Force
|
|
{
|
|
get { return _force; }
|
|
set { _force = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
base.ProcessRecord();
|
|
|
|
if (_user == null)
|
|
_user = "admin";
|
|
|
|
byte[] key = null;
|
|
if (_secureKey != null)
|
|
{
|
|
key = Convert.FromBase64String(CredentialManager.GetStringFromSecureString(_secureKey));
|
|
}
|
|
//else if (_keyData != null)
|
|
// key = _keyData;
|
|
|
|
|
|
if (key != null)
|
|
{
|
|
System.Security.Cryptography.HMACSHA256 sha2 = new System.Security.Cryptography.HMACSHA256(key);
|
|
key = sha2.ComputeHash(Encoding.ASCII.GetBytes(_realm + _user));
|
|
|
|
string password = Convert.ToBase64String(key);
|
|
|
|
|
|
if (_asPlainText)
|
|
{
|
|
if (!_force)
|
|
throw new PSInvalidOperationException("Plain text passwords require the use of the Force switch");
|
|
|
|
WriteObject(password);
|
|
}
|
|
else
|
|
{
|
|
|
|
|
|
WriteObject(CredentialManager.GetSecureString(password));
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
System.Security.SecureString _secureKey;
|
|
//byte[] _keyData;
|
|
string _user;
|
|
string _realm;
|
|
bool _asPlainText;
|
|
bool _force;
|
|
}
|
|
|
|
public enum UserDisplayFormat
|
|
{
|
|
Domain,
|
|
Ldap,
|
|
}
|
|
|
|
|
|
[Cmdlet(VerbsData.ConvertTo, "Sid",
|
|
SupportsShouldProcess = true)]
|
|
public class ConvertToSid : PSCmdlet
|
|
{
|
|
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "Domain User Name")]
|
|
public string User
|
|
{
|
|
get { return _userName; }
|
|
set { _userName = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
if (_userName.ToUpper().StartsWith("LDAP://"))
|
|
{
|
|
DirectoryEntry entry = new DirectoryEntry(_userName);
|
|
byte[] sidData = (byte[])entry.Properties["objectSid"].Value;
|
|
SecurityIdentifier sec = new SecurityIdentifier(sidData.ToArray(), 0);
|
|
WriteObject(sec);
|
|
}
|
|
else
|
|
{
|
|
NTAccount account = new NTAccount(_userName);
|
|
SecurityIdentifier sec = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
|
|
WriteObject(sec);
|
|
}
|
|
}
|
|
|
|
private string _userName;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[Cmdlet(VerbsData.ConvertFrom, "Sid",
|
|
SupportsShouldProcess = true)]
|
|
public class ConvertFromSid : PSCmdlet
|
|
{
|
|
|
|
public ConvertFromSid()
|
|
{
|
|
_format = UserDisplayFormat.Domain;
|
|
}
|
|
|
|
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "Security Identifier in SDDL form")]
|
|
public string Sid
|
|
{
|
|
get { return _sddl; }
|
|
set { _sddl = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "User Display Format")]
|
|
public UserDisplayFormat Format
|
|
{
|
|
get { return _format; }
|
|
set { _format = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
SecurityIdentifier sec = new SecurityIdentifier(_sddl);
|
|
switch (_format)
|
|
{
|
|
case UserDisplayFormat.Domain:
|
|
NTAccount account = (NTAccount)sec.Translate(typeof(NTAccount));
|
|
WriteObject(account);
|
|
break;
|
|
case UserDisplayFormat.Ldap:
|
|
DirectorySearcher s = new DirectorySearcher("(objectSid=" + sec.Value + ")");
|
|
SearchResult sc = s.FindOne();
|
|
WriteObject(sc.Path);
|
|
break;
|
|
default:
|
|
throw new PSArgumentException();
|
|
}
|
|
|
|
}
|
|
|
|
private string _sddl;//Security descriptor definition form
|
|
private UserDisplayFormat _format;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[Cmdlet(VerbsCommon.Get, "AmtDirectoryObject",
|
|
SupportsShouldProcess = true)]
|
|
public class GetDirectoryObjectCmd : PSCmdlet
|
|
{
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "Service Principal Name")]
|
|
public string ComputerName
|
|
{
|
|
get { return _host; }
|
|
set { _host = value; }
|
|
}
|
|
|
|
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
DirectorySearcher searcher = null;
|
|
|
|
string spn= "HTTP/" + _host + ":16992";
|
|
|
|
searcher = new DirectorySearcher("(servicePrincipalName=" + spn + ")");
|
|
|
|
foreach (SearchResult result in searcher.FindAll())
|
|
{
|
|
DirectoryEntry entry = new DirectoryEntry(result.Path);
|
|
WriteObject(entry);
|
|
}
|
|
}
|
|
string _host;
|
|
|
|
}
|
|
|
|
[Cmdlet(VerbsCommon.Remove, "AmtDirectoryObject",
|
|
SupportsShouldProcess = true)]
|
|
public class RemoveDirectoryObjectCmd : PSCmdlet
|
|
{
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "Service Principal Name")]
|
|
public System.DirectoryServices.DirectoryEntry Entery
|
|
{
|
|
get { return _entry; }
|
|
set { _entry = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
DirectoryEntry parentEntry = _entry.Parent;
|
|
parentEntry.Children.Remove(_entry);
|
|
parentEntry.CommitChanges();
|
|
|
|
}
|
|
DirectoryEntry _entry;
|
|
}
|
|
|
|
[Cmdlet(VerbsCommon.New, "AmtDirectoryObject",
|
|
SupportsShouldProcess = true)]
|
|
public class NewDirectoryObjectCmd : PSCmdlet
|
|
{
|
|
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
|
|
HelpMessage = "hostName")]
|
|
public string ComputerName
|
|
{
|
|
get { return _host; }
|
|
set { _host = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true,
|
|
HelpMessage = "Directory Container")]
|
|
public string Container
|
|
{
|
|
get { return _container; }
|
|
set { _container = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 2, ValueFromPipeline = true,
|
|
HelpMessage = "Password")]
|
|
public string Password
|
|
{
|
|
get { return _password; }
|
|
set { _password = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
|
|
if (_container.IndexOf("=") < 0)
|
|
_container = "OU=" + _container;
|
|
|
|
if (!_container.ToUpper().StartsWith("LDAP://"))
|
|
_container = "LDAP://" + _container;
|
|
|
|
|
|
|
|
DirectoryEntry ouEntry = new DirectoryEntry(_container);
|
|
|
|
char[] splits = { '.' };
|
|
string[] hosts = _host.Split(splits, StringSplitOptions.RemoveEmptyEntries);
|
|
if (hosts.Length == 1)
|
|
{
|
|
int pos = ouEntry.Path.IndexOf(",DC=");
|
|
if (pos >= 0)
|
|
{
|
|
string domain = ouEntry.Path.Substring(pos);
|
|
domain = domain.Replace(",DC=", ".");
|
|
_host = _host + domain;
|
|
hosts = _host.Split(splits, StringSplitOptions.RemoveEmptyEntries);
|
|
}
|
|
}
|
|
|
|
|
|
DirectoryEntry newEntry = ouEntry.Children.Add("CN=" + hosts[0], "Computer");
|
|
|
|
//makesure the object exsists
|
|
ouEntry.CommitChanges();
|
|
newEntry.CommitChanges();
|
|
|
|
|
|
object[] param = new object[1];
|
|
|
|
newEntry.AuthenticationType = AuthenticationTypes.Secure;
|
|
|
|
param[0] = _password;
|
|
newEntry.Invoke("SetPassword", param);
|
|
param[0] = 66172; //512
|
|
newEntry.InvokeSet("userAccountControl", param);
|
|
|
|
param[0] = hosts[0] + "$iME";
|
|
newEntry.InvokeSet("samAccountName", param);
|
|
|
|
object[] spns = new object[4];
|
|
spns[0] = "HTTP/" + _host + ":16992";
|
|
spns[1] = "HTTP/" + _host + ":16993";
|
|
spns[2] = "HTTP/" + _host + ":16994";
|
|
spns[3] = "HTTP/" + _host + ":16995";
|
|
param[0] = spns;
|
|
newEntry.InvokeSet("servicePrincipalName", param);
|
|
|
|
param[0] = false;
|
|
newEntry.InvokeSet("AccountDisabled", param);
|
|
newEntry.CommitChanges();
|
|
|
|
WriteObject(newEntry);
|
|
|
|
}
|
|
|
|
private string _container;
|
|
private string _host;
|
|
private string _password;
|
|
}//End CreateObject
|
|
|
|
|
|
|
|
|
|
[Cmdlet(VerbsCommon.Get, "CertificateChain",
|
|
SupportsShouldProcess = true)]
|
|
public class GetCertificateChainCmd : PSCmdlet
|
|
{
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "PKI Leaf Certificate")]
|
|
public X509Certificate2 Certificate
|
|
{
|
|
get { return _cert; }
|
|
set { _cert = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, HelpMessage = "Return only the Root of the chain")]
|
|
public SwitchParameter RootOnly
|
|
{
|
|
get { return _rootOnly; }
|
|
set { _rootOnly = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
|
|
X509Chain chain = new X509Chain();
|
|
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
|
|
|
|
chain.Build(_cert as X509Certificate2);
|
|
|
|
for (int i = 0; i < chain.ChainElements.Count; i++)
|
|
{
|
|
bool doWrite = _rootOnly == false || (i == chain.ChainElements.Count - 1);
|
|
if (doWrite)
|
|
WriteObject(chain.ChainElements[i].Certificate);
|
|
}
|
|
chain.Reset();
|
|
}
|
|
|
|
X509Certificate2 _cert;
|
|
bool _rootOnly;
|
|
}//end GetRootCertificate
|
|
|
|
|
|
[Cmdlet(VerbsCommon.Get, "AmtSignature",
|
|
SupportsShouldProcess = true)]
|
|
public class GetSignatureCmd : PSCmdlet
|
|
{
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Digital AMT Setup Certificate")]
|
|
public X509Certificate2 Certificate
|
|
{
|
|
get { return _cert; }
|
|
set { _cert = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Dicovered Hardware Nonce")]
|
|
public string ConfigurationNonce
|
|
{
|
|
get { return _configNonce; }
|
|
set { _configNonce = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Random Generate McNonce")]
|
|
public string McNonce
|
|
{
|
|
get { return _mcNonce; }
|
|
set { _mcNonce = value; }
|
|
}
|
|
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
|
|
byte[] data = GetNonceData();
|
|
|
|
byte[] sig;
|
|
string hashAlg = "SHA256";
|
|
|
|
System.Security.Cryptography.RSACryptoServiceProvider rsa = (System.Security.Cryptography.RSACryptoServiceProvider)_cert.PrivateKey;
|
|
|
|
|
|
|
|
System.Security.Cryptography.RSAParameters rp = rsa.ExportParameters(true);
|
|
rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
|
|
rsa.ImportParameters(rp);
|
|
|
|
sig = rsa.SignData(data, hashAlg);
|
|
if (!rsa.VerifyData(data,hashAlg, sig))
|
|
{
|
|
throw new InvalidOperationException("RSA Signature not valid");
|
|
|
|
}
|
|
|
|
X509Chain chain = new X509Chain();
|
|
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
|
|
|
|
chain.Build(_cert as X509Certificate2);
|
|
|
|
//verify from chain;
|
|
rsa = (System.Security.Cryptography.RSACryptoServiceProvider)chain.ChainElements[0].Certificate.PublicKey.Key;
|
|
|
|
if (!rsa.VerifyData(data, hashAlg, sig))
|
|
{
|
|
throw new InvalidOperationException("RSA Signature not valid");
|
|
|
|
}
|
|
|
|
|
|
DigitalSignatureInfo info = new DigitalSignatureInfo(Convert.ToBase64String(sig),
|
|
_mcNonce,
|
|
_configNonce,
|
|
chain);
|
|
|
|
|
|
|
|
WriteObject(info);
|
|
}
|
|
|
|
private byte[] GetNonceData()
|
|
{
|
|
|
|
if (_mcNonce == null)
|
|
{
|
|
byte[] rndData = new byte[20];
|
|
|
|
System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create();
|
|
|
|
rng.GetBytes(rndData);
|
|
_mcNonce = Convert.ToBase64String(rndData);
|
|
|
|
}
|
|
|
|
|
|
byte[] configData = Convert.FromBase64String(_configNonce);
|
|
byte[] mcData = Convert.FromBase64String(_mcNonce);
|
|
|
|
byte[] data = new byte[configData.Length + mcData.Length];
|
|
|
|
Array.Copy(configData, 0, data, 0, configData.Length);
|
|
Array.Copy(mcData, 0, data, configData.Length, mcData.Length);
|
|
|
|
return data;
|
|
|
|
}
|
|
|
|
X509Certificate2 _cert;
|
|
string _configNonce;
|
|
string _mcNonce;
|
|
}
|
|
|
|
[Cmdlet(VerbsCommon.Get, "AmtCredentialPath",
|
|
SupportsShouldProcess = true)]
|
|
public class GetCredentialPath : PSCmdlet
|
|
{
|
|
public GetCredentialPath()
|
|
{
|
|
_envType = Environment.SpecialFolder.LocalApplicationData;
|
|
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Get Shared Credential Path")]
|
|
public SwitchParameter Shared
|
|
{
|
|
get
|
|
{
|
|
return _envType == Environment.SpecialFolder.CommonApplicationData;
|
|
}
|
|
set
|
|
{
|
|
if (value)
|
|
_envType = Environment.SpecialFolder.CommonApplicationData;
|
|
|
|
else
|
|
_envType = Environment.SpecialFolder.LocalApplicationData;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
|
|
string path = System.Environment.GetFolderPath(_envType);
|
|
path = System.IO.Path.Combine(path, "Intel");
|
|
path = System.IO.Path.Combine(path, "vProModule");
|
|
path = System.IO.Path.Combine(path, "shell.credentials.txt");
|
|
WriteObject(path);
|
|
//System.Text.Encoding.ASCII.GetBytes()
|
|
|
|
}
|
|
Environment.SpecialFolder _envType;
|
|
}
|
|
|
|
|
|
|
|
[Cmdlet(VerbsCommon.Get, "AmtCertificate",DefaultParameterSetName="pfx",
|
|
SupportsShouldProcess = true)]
|
|
public class GetAmtCertificateCmd : PSCmdlet
|
|
{
|
|
public GetAmtCertificateCmd()
|
|
{
|
|
_storeName = "My";
|
|
}
|
|
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,ValueFromPipelineByPropertyName=true,
|
|
ParameterSetName="pfx", HelpMessage = "Path to a certificate file")]
|
|
public string FilePath
|
|
{
|
|
get { return _filePath; }
|
|
set { _filePath = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true,ValueFromPipelineByPropertyName=true,
|
|
ParameterSetName="pfx",HelpMessage = "Password protecting the private key")]
|
|
public string Password
|
|
{
|
|
get { return _password; }
|
|
set { _password = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false,ParameterSetName="pfx")]
|
|
public SwitchParameter Force
|
|
{
|
|
get { return _force; }
|
|
set { _force = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
ParameterSetName = "store", HelpMessage = "The thumbprint of the certificate to load")]
|
|
public string Thumbprint
|
|
{
|
|
get { return _thumbprint; }
|
|
set { _thumbprint = value.Replace(" ",string.Empty).ToUpper(); }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
ParameterSetName = "store", HelpMessage = "The Certificate Store Name")]
|
|
public string StoreName
|
|
{
|
|
get { return _storeName; }
|
|
set { _storeName = value; }
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
ParameterSetName = "store", HelpMessage = "The the machine store instead of the User store")]
|
|
public SwitchParameter UseMachineStore
|
|
{
|
|
get { return _useMachine; }
|
|
set { _useMachine = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
|
|
if (_password != null && !_force)
|
|
{
|
|
throw new PSInvalidOperationException("plain text passwords require the use of the -Force switch");
|
|
}
|
|
|
|
|
|
if (_thumbprint==null && _password == null)
|
|
{
|
|
this.Host.UI.Write("Enter pfx password: ");
|
|
System.Security.SecureString secString = this.Host.UI.ReadLineAsSecureString();
|
|
_password = CredentialManager.GetStringFromSecureString(secString);
|
|
}
|
|
|
|
if (_thumbprint != null)
|
|
{
|
|
System.Security.Cryptography.X509Certificates.StoreName xStoreName = System.Security.Cryptography.X509Certificates.StoreName.My;
|
|
StoreLocation location = StoreLocation.CurrentUser;
|
|
if (_useMachine) location = StoreLocation.LocalMachine;
|
|
|
|
X509Store store=null;
|
|
|
|
|
|
switch (_storeName.ToLower())
|
|
{
|
|
case "my":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.My,location);
|
|
break;
|
|
case "ca":
|
|
case "certificateauthority":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.CertificateAuthority,location);
|
|
break;
|
|
case "authroot":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.AuthRoot,location);
|
|
break;
|
|
case "root":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.Root,location);
|
|
break;
|
|
case "trustedpeople":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople,location);
|
|
break;
|
|
case "trustedpublisher":
|
|
store = new X509Store(System.Security.Cryptography.X509Certificates.StoreName.TrustedPublisher,location);
|
|
break;
|
|
default:
|
|
store = new X509Store(xStoreName,location);
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
store.Open(OpenFlags.MaxAllowed);
|
|
try
|
|
{
|
|
X509Certificate2 result = null;
|
|
// X509Certificate2Collection col= store.Certificates.Find(X509FindType.FindByThumbprint,_thumbprint ,true);
|
|
|
|
X509Certificate2Collection col = store.Certificates;
|
|
foreach (X509Certificate2 cert in col)
|
|
{
|
|
if (string.Compare(cert.Thumbprint,_thumbprint,true)==0)
|
|
result = cert;
|
|
}
|
|
|
|
if (result != null) WriteObject(result);
|
|
|
|
}
|
|
finally
|
|
{
|
|
store.Close();
|
|
}
|
|
}
|
|
else
|
|
{
|
|
|
|
|
|
X509Certificate2Collection certs = new X509Certificate2Collection();
|
|
certs.Import(_filePath, _password, X509KeyStorageFlags.Exportable);
|
|
foreach (X509Certificate2 cert in certs)
|
|
{
|
|
if (cert.HasPrivateKey)
|
|
{
|
|
WriteObject(cert);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
string _filePath;
|
|
string _password;
|
|
string _thumbprint;
|
|
string _storeName;
|
|
bool _useMachine;
|
|
bool _force;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[Cmdlet(VerbsCommon.New, "AmtPassword",
|
|
SupportsShouldProcess = true)]
|
|
public class NewPasswordCmd : PSCmdlet, IDisposable
|
|
{
|
|
|
|
public NewPasswordCmd()
|
|
: base()
|
|
{
|
|
_length = 32;
|
|
}
|
|
|
|
[Parameter(Mandatory = false, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true,
|
|
HelpMessage = "Password Length")]
|
|
public int Length
|
|
{
|
|
get { return _length; }
|
|
set { _length = value; }
|
|
}
|
|
|
|
|
|
[Parameter(Mandatory = false,
|
|
HelpMessage = "Convert the password to Base64 Encoded String")]
|
|
public SwitchParameter AsBase64
|
|
{
|
|
get { return _asBase64; }
|
|
set { _asBase64 = value; }
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
SecureString password = null;
|
|
try
|
|
{
|
|
if (_asBase64)
|
|
{
|
|
System.Security.Cryptography.RandomNumberGenerator rng =
|
|
System.Security.Cryptography.RandomNumberGenerator.Create();
|
|
byte[] data = new byte[_length];
|
|
rng.GetBytes(data);
|
|
password = data.ConvertByteArrayToSecureString();
|
|
Array.Clear(data, 0, data.Length);
|
|
}
|
|
else
|
|
{
|
|
IMeDevice me = new MeDevice();
|
|
password = me.CreateRandomPassword(_length);
|
|
}
|
|
|
|
WriteObject(password);
|
|
}
|
|
finally
|
|
{
|
|
password?.Dispose();
|
|
}
|
|
}
|
|
|
|
int _length;
|
|
bool _asBase64;
|
|
|
|
|
|
#region IDisposable
|
|
|
|
|
|
/// <summary>
|
|
/// Implement IDisposable method
|
|
/// </summary>
|
|
/// <param name="disposing"></param>
|
|
protected virtual void Dispose(bool disposing)
|
|
{
|
|
if (disposing)
|
|
{
|
|
return;
|
|
}
|
|
}
|
|
public void Dispose()
|
|
{
|
|
Dispose(true);
|
|
GC.SuppressFinalize(this);
|
|
}
|
|
|
|
~NewPasswordCmd()
|
|
{
|
|
Dispose(false);
|
|
}
|
|
|
|
#endregion
|
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// Certificate Chain Status
|
|
/// </summary>
|
|
public enum HashAlgorithmType
|
|
{
|
|
Unknown = 0,
|
|
Sha1 = 1,
|
|
Sha256 = 2,
|
|
Sha384 = 3,
|
|
}
|
|
|
|
/// <summary>
|
|
/// Host Setup record
|
|
/// </summary>
|
|
public class SetupRecord
|
|
{
|
|
Intel.Management.Wsman.IManagedInstance _recordObj;
|
|
|
|
|
|
/// <summary>
|
|
/// Constructs a setup record
|
|
/// </summary>
|
|
/// <param name="recordObj">Wsman Instance of the record</param>
|
|
public SetupRecord(IManagedInstance recordObj)
|
|
{
|
|
|
|
_recordObj = recordObj;
|
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// Get setup timestamp
|
|
/// </summary>
|
|
public DateTime Timestamp
|
|
{
|
|
get
|
|
{
|
|
return Intel.Management.Mei.MeDevice.FormatDate(_recordObj.GetProperty("CreationTimeStamp"));
|
|
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// The name of the log
|
|
/// </summary>
|
|
public string LogName
|
|
{
|
|
get
|
|
{
|
|
return _recordObj.GetProperty("LogName").ToString();
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Recored ID
|
|
/// </summary>
|
|
public string RecordID
|
|
{
|
|
get
|
|
{
|
|
return _recordObj.GetProperty("RecordID").ToString();
|
|
}
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Gets a flag for Secure DNS
|
|
/// </summary>
|
|
public bool SecureDNS
|
|
{
|
|
get
|
|
{
|
|
if (_recordObj.GetProperty("SecureDNS").IsNull)
|
|
return false;
|
|
|
|
return bool.Parse(_recordObj.GetProperty("SecureDNS").ToString());
|
|
}
|
|
}
|
|
|
|
public string CertificateCN
|
|
{
|
|
get
|
|
{
|
|
if (_recordObj.GetProperty("CertificateCN").IsNull)
|
|
return string.Empty;
|
|
|
|
return
|
|
_recordObj.GetProperty("CertificateCN").ToString();
|
|
|
|
}
|
|
}
|
|
|
|
public HashAlgorithmType HashAlgorithm
|
|
{
|
|
get
|
|
{
|
|
if (!_recordObj.GetProperty("HashAlgorithm").IsNull)
|
|
{
|
|
switch (int.Parse(_recordObj.GetProperty("HashAlgorithm").ToString()))
|
|
{
|
|
case 2:
|
|
return HashAlgorithmType.Sha1;
|
|
case 3:
|
|
return HashAlgorithmType.Sha256;
|
|
default:
|
|
return HashAlgorithmType.Unknown;
|
|
|
|
}
|
|
}
|
|
else if (!_recordObj.GetProperty("SelectedHashType").IsNull)
|
|
{
|
|
return (HashAlgorithmType)int.Parse(_recordObj.GetProperty("SelectedHashType").ToString());
|
|
}
|
|
return HashAlgorithmType.Unknown;
|
|
}
|
|
}
|
|
|
|
|
|
public string CertificateHash
|
|
{
|
|
get
|
|
{
|
|
string result = string.Empty;
|
|
if (!_recordObj.GetProperty("ProvCertificateHash").IsNull)
|
|
{
|
|
result= _recordObj.GetProperty("ProvCertificateHash").ToString();
|
|
}
|
|
else if (!_recordObj.GetProperty("SelectedHashData").IsNull)
|
|
{
|
|
result= _recordObj.GetProperty("SelectedHashData").ToString();
|
|
}
|
|
|
|
if (!string.IsNullOrEmpty(result))
|
|
{
|
|
byte[] hash = Convert.FromBase64String(result);
|
|
|
|
result = BitConverter.ToString(hash);
|
|
result = result.Replace("-", string.Empty);
|
|
result=result.ToUpper();
|
|
|
|
}
|
|
return result;
|
|
}
|
|
}
|
|
|
|
public string[] CaCertificateSerials
|
|
{
|
|
get
|
|
{
|
|
List<string> result = new List<string>();
|
|
foreach (Intel.Management.Wsman.IWsmanItem item in _recordObj.GetProperty("CaCertificateSerials"))
|
|
{
|
|
result.Add(item.ToString());
|
|
}
|
|
|
|
return result.ToArray();
|
|
}
|
|
}
|
|
|
|
public bool AdditionalCaSerialNums
|
|
{
|
|
get
|
|
{
|
|
if (_recordObj.GetProperty("AdditionalCaSerialNums").IsNull)
|
|
return false;
|
|
|
|
return bool.Parse(_recordObj.GetProperty("AdditionalCaSerialNums").ToString());
|
|
}
|
|
}
|
|
|
|
public bool HashIsOemDefault
|
|
{
|
|
get
|
|
{
|
|
if (_recordObj.GetProperty("HashIsOemDefault").IsNull)
|
|
return false;
|
|
|
|
return bool.Parse(_recordObj.GetProperty("HashIsOemDefault").ToString());
|
|
}
|
|
}
|
|
}//End SetupRecord
|
|
|
|
|
|
|
|
|
|
public class DigitalSignatureInfo
|
|
{
|
|
string _signature;
|
|
string _mcNonce;
|
|
string _configNonce;
|
|
X509Chain _chain;
|
|
|
|
public DigitalSignatureInfo(string signature, string mcNonce, string configNonce, X509Chain chain)
|
|
{
|
|
_signature=signature;
|
|
_mcNonce=mcNonce;
|
|
_configNonce=configNonce;
|
|
_chain=chain;
|
|
}
|
|
|
|
public string Signature
|
|
{
|
|
get { return _signature; }
|
|
}
|
|
|
|
public string McNonce
|
|
{
|
|
get { return _mcNonce; }
|
|
}
|
|
|
|
public string ConfigurationNonce
|
|
{
|
|
get { return _configNonce; }
|
|
}
|
|
|
|
public X509Chain CertificateChain
|
|
{
|
|
get { return _chain; }
|
|
}
|
|
|
|
public string SignatureType
|
|
{
|
|
get { return "SHA246"; }
|
|
}
|
|
|
|
public byte[] GetRawData()
|
|
{
|
|
byte[] mcData = Convert.FromBase64String(_mcNonce);
|
|
byte[] configData = Convert.FromBase64String(_configNonce);
|
|
byte[] result = new byte[mcData.Length + configData.Length];
|
|
|
|
Array.Copy(configData, 0, result, 0, configData.Length);
|
|
Array.Copy(mcData, 0, result, configData.Length, mcData.Length);
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
public class AmtProxy
|
|
{
|
|
protected string _address;
|
|
protected string _userName;
|
|
protected string _password;
|
|
|
|
public AmtProxy() { }
|
|
|
|
public string Address
|
|
{
|
|
get { return _address;}
|
|
set { _address = value; }
|
|
}
|
|
|
|
public string Username
|
|
{
|
|
get { return _userName; }
|
|
set { _userName = value; }
|
|
}
|
|
|
|
public string Password
|
|
{
|
|
get { return _password; }
|
|
set { _password = value; }
|
|
}
|
|
}
|
|
|
|
|
|
class LConnectionManager
|
|
{
|
|
[ThreadStatic]
|
|
private static WsmanConnection _conn;
|
|
|
|
public static WsmanConnection Active
|
|
{
|
|
get
|
|
{
|
|
return _conn;
|
|
}
|
|
set
|
|
{
|
|
_conn = value;
|
|
}
|
|
}
|
|
}
|
|
|
|
public class ConnectionManager
|
|
{
|
|
|
|
[ThreadStatic]
|
|
private static WsmanConnection _conn;
|
|
[ThreadStatic]
|
|
private static WsmanConnection _osAdminConn;
|
|
[ThreadStatic]
|
|
private static HECIClass _heci;
|
|
|
|
|
|
/// <summary>
|
|
/// Removes and Closes an Active connection
|
|
/// </summary>
|
|
/// <param name="conn"></param>
|
|
public static void Remove(WsmanConnection conn)
|
|
{
|
|
if (_conn.Equals(conn))
|
|
{
|
|
_conn = null;
|
|
conn.Close();
|
|
}
|
|
else if (_osAdminConn.Equals(conn))
|
|
{
|
|
conn.Close();
|
|
_osAdminConn=null;
|
|
_heci = null;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets the Active AMT session
|
|
/// </summary>
|
|
public static WsmanConnection ActiveSession
|
|
{
|
|
get
|
|
{
|
|
return _conn;
|
|
}
|
|
set
|
|
{
|
|
_conn = value;
|
|
}
|
|
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets a Heci connection
|
|
/// </summary>
|
|
public static HECIClass Heci
|
|
{
|
|
get
|
|
{
|
|
if (_heci==null)
|
|
_heci=new HECIClass();
|
|
|
|
return _heci;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets a local Os Admin Wsman Connection
|
|
/// </summary>
|
|
public static WsmanConnection LocalSession
|
|
{
|
|
get
|
|
{
|
|
|
|
if (_osAdminConn==null)
|
|
{
|
|
Heci.Init();//make sure we have a HECI object
|
|
try
|
|
{
|
|
|
|
string username;
|
|
SecureString password;
|
|
if (_heci.GetLocalAdminCredentials(out username, out password))
|
|
{
|
|
_osAdminConn = new WsmanConnection();
|
|
_osAdminConn.SetCredentials(username, password);
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
_heci.DeInit();
|
|
}
|
|
}
|
|
|
|
return _osAdminConn;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
|
|
public class DeviceCertificate : X509Certificate2
|
|
{
|
|
private string _instanceID;
|
|
bool _isRoot;
|
|
|
|
public DeviceCertificate(string base64Data,string instanceID,bool isTrustedRoot)
|
|
: base(Convert.FromBase64String(base64Data))
|
|
{
|
|
_instanceID = instanceID;
|
|
_isRoot = isTrustedRoot;
|
|
}
|
|
|
|
public DeviceCertificate(X509Certificate2 cert, string instanceID, bool isTrustedRoot)
|
|
: base(cert.RawData)
|
|
{
|
|
_instanceID = instanceID;
|
|
_isRoot = isTrustedRoot;
|
|
}
|
|
|
|
public DeviceCertificate()
|
|
: base()
|
|
{
|
|
_instanceID = string.Empty;
|
|
_isRoot = false;
|
|
}
|
|
|
|
public string InstanceID
|
|
{
|
|
get
|
|
{
|
|
return _instanceID;
|
|
}
|
|
}
|
|
|
|
public bool IsTrustedRootCertificate
|
|
{
|
|
get
|
|
{
|
|
return _isRoot;
|
|
}
|
|
}
|
|
|
|
public override string ToString()
|
|
{
|
|
if (string.IsNullOrEmpty(_instanceID))
|
|
return string.Empty;
|
|
return Thumbprint;
|
|
}
|
|
}
|
|
|
|
|
|
///
|
|
public class CertificateItem
|
|
{
|
|
X509Certificate2 _item;
|
|
public CertificateItem(DeviceCertificate item)
|
|
{
|
|
_item = item;
|
|
}
|
|
|
|
public string Name
|
|
{
|
|
get { return _item.Thumbprint; }
|
|
}
|
|
|
|
public X509Certificate2 Value
|
|
{
|
|
get { return _item; }
|
|
}
|
|
|
|
public string Type
|
|
{
|
|
get { return "DeviceCertificate"; }
|
|
|
|
}
|
|
}
|
|
|
|
|
|
public class HashItem
|
|
{
|
|
string _name;
|
|
string _value;
|
|
public HashItem(string name, string value)
|
|
{
|
|
_name = name;
|
|
_value = value;
|
|
}
|
|
|
|
public string Name
|
|
{
|
|
get { return _name; }
|
|
}
|
|
|
|
public string Value
|
|
{
|
|
get { return _value; }
|
|
}
|
|
}
|
|
|
|
|
|
|
|
public enum AuthenticationProtocol : int
|
|
{
|
|
TLS=0,
|
|
TTLS_MSCHAPv2=1,
|
|
PEAP_MSCHAPv2=2,
|
|
EAP_GTC=3,
|
|
EAPFAST_MSCHAPv2=4,
|
|
EAPFAST_GTC=5,
|
|
EAPFAST_TLS=6,
|
|
}
|
|
|
|
|
|
|
|
|
|
public class WirelessProfile
|
|
{
|
|
string _instanceId;
|
|
string _ssid;
|
|
string _name;
|
|
int _priority;
|
|
string _authMethod;
|
|
string _encMethod;
|
|
WPASettings _wpa;
|
|
IEEESettings _ieee;
|
|
|
|
public WirelessProfile()
|
|
{
|
|
//_authMethod = ValueMap.Create("1", SupportedAuthenticationMethods);
|
|
//_encMethod = ValueMap.Create("6", SupportedEncryptionMethods);
|
|
|
|
_wpa = new WPASettings();
|
|
_ieee = new IEEESettings();
|
|
}
|
|
|
|
|
|
public string Name
|
|
{
|
|
get { return _name; }
|
|
set { _name = value; }
|
|
}
|
|
|
|
|
|
public string InstanceID
|
|
{
|
|
get { return _instanceId; }
|
|
set { _instanceId = value; }
|
|
}
|
|
|
|
public string SSID
|
|
{
|
|
get { return _ssid; }
|
|
set { _ssid = value; }
|
|
}
|
|
|
|
public BSSType BssType
|
|
{
|
|
get { return BSSType.Infrastructure; } //Infrastructure
|
|
}
|
|
|
|
|
|
public int Priority
|
|
{
|
|
get { return _priority; }
|
|
set { _priority = value; }
|
|
}
|
|
|
|
public string EncryptionMethod
|
|
{
|
|
get { return _encMethod; }
|
|
set { _encMethod = value; }
|
|
}
|
|
|
|
public string AuthenticationMethod
|
|
{
|
|
get { return _authMethod; }
|
|
set { _authMethod = value; }
|
|
}
|
|
|
|
|
|
public static IDictionary<string, string> SupportedEncryptionMethods
|
|
{
|
|
get
|
|
{
|
|
Dictionary<string, string> result = new Dictionary<string, string>();
|
|
result.Add("1", "Other");
|
|
result.Add("2", "WEP");
|
|
result.Add("3", "TKIP");
|
|
result.Add("4", "CCMP");
|
|
result.Add("5", "None");
|
|
return result;
|
|
}
|
|
}
|
|
|
|
public static IDictionary<string, string> SupportedAuthenticationMethods
|
|
{
|
|
get
|
|
{
|
|
Dictionary<string, string> result = new Dictionary<string, string>();
|
|
result.Add("1", "Other");
|
|
result.Add("2", "Open System");
|
|
result.Add("3", "Shared Key");
|
|
result.Add("4", "WPA PSK");
|
|
result.Add("5", "WPA IEEE 802.1x");
|
|
result.Add("6", "WPA2 PSK");
|
|
result.Add("7", "WPA2 IEEE 802.1x");
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
public WPASettings WPA
|
|
{
|
|
get { return _wpa; }
|
|
|
|
}
|
|
|
|
public IEEESettings IEEE
|
|
{
|
|
get { return _ieee; }
|
|
}
|
|
|
|
|
|
public enum BSSType : int
|
|
{
|
|
Unknown =0,
|
|
Independent=2,
|
|
Infrastructure=3,
|
|
}
|
|
|
|
|
|
public override string ToString()
|
|
{
|
|
return "WirelessProfile";
|
|
}
|
|
|
|
public class WEPSettings
|
|
{
|
|
byte[] _key;
|
|
int _index;
|
|
|
|
public byte[] Key
|
|
{
|
|
get { return _key; }
|
|
set
|
|
{
|
|
_key = value;
|
|
}
|
|
|
|
}
|
|
public int KeyIndex
|
|
{
|
|
get { return _index; }
|
|
set { _index = value; }
|
|
}
|
|
|
|
|
|
public override string ToString()
|
|
{
|
|
return "WEPSettings";
|
|
}
|
|
}
|
|
|
|
public class WPASettings
|
|
{
|
|
byte[] _key;
|
|
string _pass;
|
|
|
|
public byte[] PSK
|
|
{
|
|
get { return _key; }
|
|
set
|
|
{
|
|
_key = value;
|
|
_pass = null;
|
|
}
|
|
}
|
|
public string PassPhrase
|
|
{
|
|
get { return _pass; }
|
|
set
|
|
{
|
|
_pass =value;
|
|
_key = null;
|
|
}
|
|
}
|
|
|
|
public override string ToString()
|
|
{
|
|
return "WPASettings";
|
|
}
|
|
}
|
|
|
|
|
|
public class IEEESettings
|
|
{
|
|
string _auth;
|
|
string _serverCertificateCompareMethod;
|
|
string _roamingIdentity;
|
|
string _serverCertificateName;
|
|
string _userName;
|
|
string _password;
|
|
string _domain;
|
|
DeviceCertificate _clientCertificate;
|
|
DeviceCertificate _caCertificate;
|
|
byte[] _pac;
|
|
string _PACPassword;
|
|
byte[] _psk;
|
|
|
|
|
|
public IEEESettings()
|
|
{
|
|
}
|
|
|
|
public static IDictionary<string, string> SupportedCertificateComparisonMethods
|
|
{
|
|
get
|
|
{
|
|
Dictionary<string, string> result = new Dictionary<string, string>();
|
|
|
|
result.Add("1", "Other");
|
|
result.Add("2", "FullName");
|
|
result.Add("3", "DomainSuffix");
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
public static IDictionary<string, string> SupportedAuthenticationProtocols
|
|
{
|
|
get
|
|
{
|
|
Dictionary<string, string> result = new Dictionary<string, string>();
|
|
|
|
result.Add("0", "EAP-TLS");
|
|
result.Add("1", "EAP-TTLS/MSCHAPv2");
|
|
result.Add("2", "PEAPv0/EAP-MSCHAPv2");
|
|
result.Add("3", "PEAPv1/EAP-GTC");
|
|
result.Add("4", "EAP-FAST/MSCHAPv2");
|
|
result.Add("5", "EAP-FAST/GTC");
|
|
result.Add("6", "EAP-MD5");
|
|
result.Add("7", "EAP-PSK");
|
|
result.Add("8", "EAP-SIM");
|
|
result.Add("9", "EAP-AKA");
|
|
result.Add("10", "EAP-FAST/TLS");
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
public string AuthenticationProtocol
|
|
{
|
|
get { return _auth; }
|
|
set { _auth = value; }
|
|
}
|
|
|
|
public string RoamingIdentity
|
|
{
|
|
get { return _roamingIdentity; }
|
|
set { _roamingIdentity =value; }
|
|
}
|
|
|
|
public string ServerCertificateName
|
|
{
|
|
get { return _serverCertificateName; }
|
|
set { _serverCertificateName =value; }
|
|
}
|
|
|
|
public string ServerCertificateNameComparison
|
|
{
|
|
get { return _serverCertificateCompareMethod;; }
|
|
set { _serverCertificateCompareMethod =value; }
|
|
}
|
|
|
|
public string Username
|
|
{
|
|
get { return _userName; }
|
|
set { _userName =value; }
|
|
}
|
|
|
|
public string Password
|
|
{
|
|
get { return _password; }
|
|
set { _password =value; }
|
|
}
|
|
|
|
public string Domain
|
|
{
|
|
get { return _domain; }
|
|
set { _domain =value; }
|
|
}
|
|
|
|
|
|
public byte[] ProtectedAccessCredential
|
|
{
|
|
get { return _pac; }
|
|
set { _pac = value; }
|
|
}
|
|
|
|
|
|
public string PACPassword
|
|
{
|
|
get { return _PACPassword; }
|
|
set { _PACPassword = value; }
|
|
}
|
|
|
|
public byte[] PSK
|
|
{
|
|
get { return _psk; }
|
|
set { _psk = value; }
|
|
}
|
|
|
|
public DeviceCertificate ClientCredential
|
|
{
|
|
get { return _clientCertificate; }
|
|
set { _clientCertificate = value; }
|
|
}
|
|
|
|
public DeviceCertificate CACredential
|
|
{
|
|
get { return _caCertificate; }
|
|
set { _caCertificate = value; }
|
|
}
|
|
|
|
public override string ToString()
|
|
{
|
|
return "IEEESettings";
|
|
}
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// Defines Credential Managment behavior
|
|
/// </summary>
|
|
public class CredentialManager
|
|
{
|
|
|
|
public static string GetAddress(string[] addressList)
|
|
{
|
|
return GetAddress(addressList, false);
|
|
}
|
|
|
|
public static string GetAddress(string[] addressList,bool useIPv6)
|
|
{
|
|
string result = string.Empty;
|
|
if (addressList == null || addressList.Length == 0)
|
|
throw new AmtException("No IP Address is avaible");
|
|
foreach (string address in addressList)
|
|
{
|
|
if (useIPv6)
|
|
{
|
|
if (address.IndexOf(":") > 0)
|
|
result = address;
|
|
}
|
|
else
|
|
{
|
|
if (address.IndexOf(".") > 0)
|
|
result = address;
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public static Uri GetServiceUri(string computerName,bool useTls)
|
|
{
|
|
|
|
Uri result = null;
|
|
string port = ":16992";
|
|
|
|
if (computerName.EndsWith(":16993")) useTls=true;
|
|
|
|
StringBuilder builder= new StringBuilder();
|
|
if (useTls)
|
|
{
|
|
builder.Append("https://");
|
|
port = ":16993";
|
|
}
|
|
else
|
|
{
|
|
builder.Append("http://");
|
|
}
|
|
|
|
builder.Append(computerName);
|
|
|
|
result = new Uri(builder.ToString());
|
|
|
|
//only append the AMT port if no port was specified
|
|
if (result.IsDefaultPort)
|
|
{
|
|
builder.Append(port);
|
|
}
|
|
|
|
|
|
builder.Append("/wsman");
|
|
|
|
result = new Uri(builder.ToString());
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
public static string GetStringFromSecureString(System.Security.SecureString secureString)
|
|
{
|
|
string result;
|
|
|
|
if (secureString==null)
|
|
throw new ArgumentNullException();
|
|
|
|
IntPtr ptr = Marshal.SecureStringToCoTaskMemUnicode((System.Security.SecureString)secureString);
|
|
try
|
|
{
|
|
result = Marshal.PtrToStringUni(ptr);
|
|
}
|
|
finally
|
|
{
|
|
Marshal.ZeroFreeCoTaskMemUnicode(ptr);
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public static System.Security.SecureString GetSecureString(string normalString)
|
|
{
|
|
char[] passChars = normalString.ToCharArray();
|
|
System.Security.SecureString secString = new System.Security.SecureString();
|
|
for (int i = 0; i < passChars.Length; i++)
|
|
secString.AppendChar(passChars[i]);
|
|
|
|
return secString;
|
|
|
|
}
|
|
|
|
public static void SetConnectionCredentials(WsmanConnection conn,PSCredential cred)
|
|
{
|
|
string user = string.Empty;
|
|
SecureString pass = null;
|
|
|
|
if (cred != null && cred.UserName != null)
|
|
user = cred.UserName;
|
|
if (cred != null && cred.Password != null)
|
|
pass = cred.Password;
|
|
|
|
conn.SetCredentials(user, pass);
|
|
conn.Options.HidePassword = true;
|
|
}
|
|
|
|
|
|
public static string GetBase64PasswordHash(string user, string realm, string password)
|
|
{
|
|
|
|
System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
|
|
|
|
StringBuilder builder = new StringBuilder();
|
|
builder.Append(user);
|
|
builder.Append(":");
|
|
builder.Append(realm);
|
|
builder.Append(":");
|
|
builder.Append(password);
|
|
|
|
byte[] hash = md5.ComputeHash(Encoding.ASCII.GetBytes(builder.ToString()));
|
|
builder = new StringBuilder(Convert.ToBase64String(hash));
|
|
|
|
md5.Clear();
|
|
|
|
return builder.ToString();
|
|
}
|
|
|
|
public static WsmanConnection GetConnection(string host,PSCredential cred,bool useTls, bool acceptSelfSignedCert, bool useMaster,
|
|
AmtProxy proxy, X509Certificate clientCert)
|
|
{
|
|
WsmanConnection conn = new WsmanConnection();
|
|
string user = string.Empty;
|
|
SecureString pass = null;
|
|
|
|
if (string.IsNullOrEmpty(host))
|
|
host = "localhost";
|
|
|
|
|
|
if (clientCert != null) useTls = true;
|
|
|
|
conn.Options.UseDigestMasterPassword = useMaster;
|
|
conn.Address = CredentialManager.GetServiceUri(host, useTls).ToString();
|
|
|
|
|
|
if (cred != null && cred.UserName != null)
|
|
user = cred.UserName;
|
|
if (cred != null && cred.Password != null)
|
|
pass = cred.Password;
|
|
if (acceptSelfSignedCert)
|
|
conn.Options.AcceptSelfSignedCertificate = true;
|
|
|
|
conn.SetCredentials(user, pass);
|
|
conn.Options.HidePassword = true;
|
|
conn.Options.ClientCertificate = clientCert;
|
|
|
|
return conn;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
public class MD4
|
|
{
|
|
|
|
static uint PROV_RSA_FULL = 1;
|
|
static uint CRYPT_VERIFYCONTEXT = 0xF0000000;
|
|
static uint CALG_MD4 = 32770;
|
|
|
|
enum HashParameters
|
|
{
|
|
HP_ALGID = 0x0001,
|
|
HP_HASHVAL = 0x0002,
|
|
HP_HASHSIZE = 0x0004,
|
|
}
|
|
|
|
public static byte[] ComputeHash(byte[] data)
|
|
{
|
|
IntPtr hProv = IntPtr.Zero;
|
|
IntPtr hHash = IntPtr.Zero;
|
|
byte[] result = new byte[16];
|
|
int lastError = 0;
|
|
|
|
uint resultSize = (uint)result.Length;
|
|
bool bOk = CryptAcquireContext(out hProv, null, null, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
|
|
if (bOk)
|
|
bOk = CryptCreateHash(hProv, CALG_MD4, IntPtr.Zero, 0, out hHash);
|
|
if (bOk)
|
|
bOk = CryptHashData(hHash, data, (uint)data.Length, 0);
|
|
if (bOk)
|
|
bOk = CryptGetHashParam(hHash, HashParameters.HP_HASHVAL, result, ref resultSize, 0);
|
|
|
|
if (!bOk)
|
|
lastError = Marshal.GetLastWin32Error();
|
|
|
|
if (!hHash.Equals(IntPtr.Zero))
|
|
CryptDestroyHash(hHash);
|
|
|
|
if (!hProv.Equals(IntPtr.Zero))
|
|
CryptReleaseContext(hProv, 0);
|
|
|
|
if (!bOk)
|
|
Marshal.ThrowExceptionForHR(lastError);
|
|
|
|
return result;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//static uint CALG_MD5= 32771;
|
|
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptAcquireContext(out IntPtr phProv,
|
|
string pszContainer,
|
|
string pszProvider,
|
|
uint dwProvType,
|
|
uint dwFlags);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptCreateHash(IntPtr phProv,
|
|
uint algId,
|
|
IntPtr hKey,
|
|
uint dwFlags,
|
|
out IntPtr phHash);
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptHashData(IntPtr phHash,
|
|
byte[] pbData,
|
|
uint dataLen,
|
|
uint flags);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptGetHashParam(IntPtr phHash,
|
|
HashParameters dwParam,
|
|
[Out] byte[] pbData,
|
|
ref uint dataLen,
|
|
uint flags);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptDestroyHash(IntPtr phHash);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
static extern bool CryptReleaseContext(IntPtr phProv, uint flags);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|