ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4b9382ddbc
MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/RequestSecurityTokenResponseHelper.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

464 lines
22 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.RequestSecurityTokenResponseHelper
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel.Security.Tokens;
using System.Xml;
namespace Microsoft.InfoCards
{
internal static class RequestSecurityTokenResponseHelper
{
private static SecurityToken s_noProofToken = (SecurityToken) new UserNameSecurityToken("noproof", "noproof", "noproof");
private static RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse ReadRequestSecurityTokenResponse(
XmlDictionaryReader reader,
SecurityTokenSerializer tokenSerializer,
SecurityTokenResolver resolver,
ProtocolProfile profile)
{
InfoCardTrace.Assert(null != reader, "null reader");
InfoCardTrace.Assert(null != tokenSerializer, "null tokenSerializer");
RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse securityTokenResponse = new RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse();
if (XmlNames.WSSpecificationVersion.WSTrustOasis2007 == profile.WSTrust.Version)
reader.ReadFullStartElement(profile.WSTrust.RequestSecurityTokenResponseCollection, profile.WSTrust.Namespace);
reader.ReadFullStartElement(profile.WSTrust.RequestSecurityTokenResponse, profile.WSTrust.Namespace);
bool flag1 = false;
bool flag2 = false;
bool flag3 = false;
bool flag4 = false;
bool flag5 = false;
bool flag6 = false;
bool flag7 = false;
bool flag8 = false;
bool flag9 = false;
bool flag10 = false;
bool flag11 = false;
securityTokenResponse.Created = DateTime.UtcNow;
securityTokenResponse.Expires = new DateTime(DateTime.MaxValue.Ticks - TimeSpan.FromDays(2.0).Ticks, DateTimeKind.Utc);
if (!reader.IsStartElement())
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("ServiceSTSCommunicationFailed")));
while (reader.IsStartElement())
{
if (reader.IsStartElement(profile.WSTrust.TokenType, profile.WSTrust.Namespace))
{
if (flag1)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleTokenTypeElementsFound")));
securityTokenResponse.TokenType = reader.ReadElementString();
flag1 = true;
}
else if (reader.IsStartElement(profile.WSTrust.KeySize, profile.WSTrust.Namespace))
{
if (flag3)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleKeySizeElementsFound")));
int num = reader.ReadElementContentAsInt();
securityTokenResponse.KeySize = num > 0 ? num : throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("KeySizeMustBeGreaterThanZero")));
flag3 = true;
}
else if (reader.IsStartElement(profile.WSTrust.KeyType, profile.WSTrust.Namespace))
{
if (flag2)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleKeySizeElementsFound")));
string uriString = reader.ReadElementContentAsString();
Uri uri = new Uri(uriString);
if (profile.WSTrust.KeyTypeSymmetric.Equals((object) uri))
securityTokenResponse.KeyType = new SecurityKeyTypeInternal?(SecurityKeyTypeInternal.SymmetricKey);
else if (profile.WSTrust.KeyTypeAsymmetric.Equals((object) uri))
securityTokenResponse.KeyType = new SecurityKeyTypeInternal?(SecurityKeyTypeInternal.AsymmetricKey);
else if (profile.WSTrust.KeyTypeBearer.Equals((object) uri))
securityTokenResponse.KeyType = new SecurityKeyTypeInternal?(SecurityKeyTypeInternal.NoKey);
else
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("KeyTypeNotRecognized", (object) uriString)));
flag2 = true;
}
else if (reader.IsStartElement(profile.WSTrust.Lifetime, profile.WSTrust.Namespace))
{
if (flag6)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleLifetimeElementsFound")));
reader.ReadStartElement();
if (reader.IsStartElement("Created", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"))
securityTokenResponse.Created = reader.ReadElementContentAsDateTime().ToUniversalTime();
if (reader.IsStartElement("Expires", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"))
securityTokenResponse.Expires = reader.ReadElementContentAsDateTime().ToUniversalTime();
reader.ReadEndElement();
flag6 = true;
}
else if (reader.IsStartElement(profile.WSTrust.RequestedSecurityToken, profile.WSTrust.Namespace))
{
if (flag7)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestedSecurityTokenElementsFound")));
reader.ReadStartElement();
reader.MoveToElement();
XmlDocument xmlDocument = new XmlDocument();
securityTokenResponse.IssuedTokenElement = xmlDocument.ReadNode((XmlReader) reader) as XmlElement;
reader.ReadEndElement();
flag7 = true;
}
else if (reader.IsStartElement(profile.WSTrust.RequestedProofToken, profile.WSTrust.Namespace))
{
if (flag8)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestedProofTokenElementsFound")));
reader.ReadStartElement();
if (reader.IsStartElement(profile.WSTrust.ComputedKey, profile.WSTrust.Namespace))
{
securityTokenResponse.ComputedKeyAlgorithm = reader.ReadElementString();
if (profile.WSTrust.ComputedKeyAlgorithm != securityTokenResponse.ComputedKeyAlgorithm)
throw InfoCardTrace.ThrowHelperError((Exception) new NotImplementedException(SR.GetString("OnlyPSha1SupportedCurrently", (object) securityTokenResponse.ComputedKeyAlgorithm)));
}
else
securityTokenResponse.ProofToken = tokenSerializer.ReadToken((XmlReader) reader, resolver);
reader.ReadEndElement();
flag8 = true;
}
else if (reader.IsStartElement(profile.WSTrust.Entropy, profile.WSTrust.Namespace))
{
if (flag10)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleEntropyElementsFound")));
reader.ReadStartElement();
securityTokenResponse.EntropyToken = tokenSerializer.ReadToken((XmlReader) reader, resolver);
reader.ReadEndElement();
flag10 = true;
}
else if (reader.IsStartElement("RequestedDisplayToken", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
if (flag9)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestedDisplayTokenElementsFound")));
securityTokenResponse.DisplayToken = RequestSecurityTokenResponseHelper.CreateDisplayToken(reader);
flag9 = true;
}
else if (reader.IsStartElement(profile.WSTrust.RequestedAttachedReference, profile.WSTrust.Namespace))
{
if (flag4)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestedAttachedReferenceElementsFound")));
reader.ReadStartElement();
securityTokenResponse.RequestedAttachedReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) reader);
reader.ReadEndElement();
flag4 = true;
}
else if (reader.IsStartElement(profile.WSTrust.RequestedUnattachedReference, profile.WSTrust.Namespace))
{
if (flag5)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestedUnattachedReferenceElementsFound")));
reader.ReadStartElement();
securityTokenResponse.RequestedUnattachedReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) reader);
reader.ReadEndElement();
flag5 = true;
}
else if (reader.IsStartElement(profile.WSTrust.RequestType, profile.WSTrust.Namespace))
{
if (flag11)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("MultipleRequestTypeElementsFound")));
securityTokenResponse.RequestType = reader.ReadElementContentAsString();
if (profile.WSTrust.IssueRequestType != securityTokenResponse.RequestType)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("OnlyIssueRequestTypeSupported", (object) securityTokenResponse.RequestType, (object) profile.WSTrust.IssueRequestType)));
flag11 = true;
}
else
reader.Skip();
}
reader.ReadEndElement();
if (XmlNames.WSSpecificationVersion.WSTrustOasis2007 == profile.WSTrust.Version)
{
if (!(profile.WSTrust.RequestSecurityTokenResponseCollection == reader.LocalName) || !(profile.WSTrust.Namespace == reader.NamespaceURI) || reader.NodeType != XmlNodeType.EndElement)
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("ServiceSTSCommunicationFailed")));
reader.ReadEndElement();
}
return securityTokenResponse;
}
public static GenericXmlSecurityToken ProcessBearerTokenData(
XmlDictionaryReader reader,
SecurityTokenSerializer tokenSerializer,
SecurityTokenResolver resolver,
ProtocolProfile profile,
out DisplayToken displayToken)
{
RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse securityTokenResponse = RequestSecurityTokenResponseHelper.ReadRequestSecurityTokenResponse(reader, tokenSerializer, resolver, profile);
displayToken = securityTokenResponse.DisplayToken ?? new DisplayToken();
securityTokenResponse.ValidateRstrContents(SecurityKeyTypeInternal.NoKey);
SecurityToken noProofToken = RequestSecurityTokenResponseHelper.s_noProofToken;
return new GenericXmlSecurityToken(securityTokenResponse.IssuedTokenElement, noProofToken, securityTokenResponse.Created, securityTokenResponse.Expires, securityTokenResponse.RequestedAttachedReference, securityTokenResponse.RequestedUnattachedReference, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
public static GenericXmlSecurityToken ProcessSymmetricTokenData(
XmlDictionaryReader reader,
SecurityTokenSerializer tokenSerializer,
SecurityTokenResolver resolver,
byte[] clientEntropyForSymmetric,
ProtocolProfile profile,
out DisplayToken displayToken)
{
RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse securityTokenResponse = RequestSecurityTokenResponseHelper.ReadRequestSecurityTokenResponse(reader, tokenSerializer, resolver, profile);
displayToken = securityTokenResponse.DisplayToken ?? new DisplayToken();
securityTokenResponse.ValidateRstrContents(SecurityKeyTypeInternal.SymmetricKey);
if (securityTokenResponse.EntropyToken != null)
{
InfoCardTrace.Assert(profile.WSTrust.ComputedKeyAlgorithm == securityTokenResponse.ComputedKeyAlgorithm, "We already made sure it is PSHA1 while processing RSTR");
if (!(securityTokenResponse.EntropyToken is BinarySecretSecurityToken entropyToken))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("InvalidEntropyContents")));
int num = clientEntropyForSymmetric.Length * 8;
if (securityTokenResponse.GetIntelligentKeySize(true, num) != num)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException("SymmetricProofKeyLengthMismatch"));
byte[] combinedKey = RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse.ComputeCombinedKey(clientEntropyForSymmetric, entropyToken.GetKeyBytes(), num);
securityTokenResponse.ProofToken = (SecurityToken) new BinarySecretSecurityToken(combinedKey);
}
else if (securityTokenResponse.ProofToken == null)
{
byte[] key = clientEntropyForSymmetric;
securityTokenResponse.ProofToken = (SecurityToken) new BinarySecretSecurityToken(key);
}
return new GenericXmlSecurityToken(securityTokenResponse.IssuedTokenElement, securityTokenResponse.ProofToken, securityTokenResponse.Created, securityTokenResponse.Expires, securityTokenResponse.RequestedAttachedReference, securityTokenResponse.RequestedUnattachedReference, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
public static GenericXmlSecurityToken ProcessAsymmetricTokenData(
XmlDictionaryReader reader,
RSA rsa,
SecurityTokenSerializer tokenSerializer,
SecurityTokenResolver resolver,
ProtocolProfile profile,
out DisplayToken displayToken)
{
InfoCardTrace.Assert(null != rsa, "null rsa");
RequestSecurityTokenResponseHelper.RequestSecurityTokenResponse securityTokenResponse = RequestSecurityTokenResponseHelper.ReadRequestSecurityTokenResponse(reader, tokenSerializer, resolver, profile);
displayToken = securityTokenResponse.DisplayToken ?? new DisplayToken();
securityTokenResponse.ValidateRstrContents(SecurityKeyTypeInternal.AsymmetricKey);
SecurityToken proofToken = (SecurityToken) new RsaSecurityToken(rsa);
return new GenericXmlSecurityToken(securityTokenResponse.IssuedTokenElement, proofToken, securityTokenResponse.Created, securityTokenResponse.Expires, securityTokenResponse.RequestedAttachedReference, securityTokenResponse.RequestedUnattachedReference, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
private static DisplayToken CreateDisplayToken(XmlDictionaryReader reader)
{
InfoCardTrace.Assert(null != reader, "null reader");
DisplayToken displayToken = new DisplayToken();
XmlReader reader1 = InfoCardSchemas.CreateReader(reader.ReadOuterXml());
try
{
reader1.ReadStartElement("RequestedDisplayToken", "http://schemas.xmlsoap.org/ws/2005/05/identity");
reader1.ReadStartElement("DisplayToken", "http://schemas.xmlsoap.org/ws/2005/05/identity");
while (reader1.IsStartElement())
{
if (reader1.IsStartElement("DisplayClaim", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
List<DisplayClaim> claimList = new List<DisplayClaim>();
while (reader1.IsStartElement())
{
if (reader1.IsStartElement("DisplayClaim", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
DisplayClaim displayClaim = RequestSecurityTokenResponseHelper.ReadDisplayClaim(reader1);
if (displayClaim != null)
claimList.Add(displayClaim);
}
else
reader1.Skip();
}
displayToken = new DisplayToken(claimList);
}
else if (reader1.IsStartElement("DisplayTokenText", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
{
string attribute = reader1.GetAttribute("MimeType");
string displayString = reader1.ReadElementContentAsString();
if (!string.IsNullOrEmpty(displayString) && !string.IsNullOrEmpty(attribute))
displayToken = new DisplayToken(displayString, attribute);
}
else
reader1.Skip();
}
reader1.ReadEndElement();
reader1.ReadEndElement();
}
catch (Exception ex)
{
displayToken = (DisplayToken) null;
if (InfoCardTrace.IsFatal(ex))
throw;
}
return displayToken;
}
private static DisplayClaim ReadDisplayClaim(XmlReader reader)
{
if (!reader.IsStartElement("DisplayClaim", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("UnexpectedElement")));
string name = string.Empty;
List<string> stringList = new List<string>();
string description = string.Empty;
string empty = string.Empty;
string attribute = reader.GetAttribute("Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity");
if (string.IsNullOrEmpty(attribute))
attribute = reader.GetAttribute("Uri");
bool isEmptyElement = reader.IsEmptyElement;
reader.ReadStartElement();
if (!isEmptyElement)
{
while (reader.IsStartElement())
{
if (reader.IsStartElement("DisplayTag", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
name = reader.ReadElementContentAsString();
else if (reader.IsStartElement("DisplayValue", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
stringList.Add(reader.ReadElementContentAsString());
else if (reader.IsStartElement("Description", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
description = reader.ReadElementContentAsString();
else
reader.Skip();
}
reader.ReadEndElement();
}
return new DisplayClaim(name, stringList, description, attribute);
}
private class RequestSecurityTokenResponse
{
private int m_keySize;
private bool m_keySizeSpecified;
private DateTime m_created = DateTime.UtcNow;
private DateTime m_expires = DateTime.UtcNow.AddHours(1.0);
private string m_requestType;
private SecurityKeyIdentifierClause m_requestedAttachedReference;
private SecurityKeyIdentifierClause m_requestedUnattachedReference;
private SecurityToken m_entropyToken;
private string m_computedKeyAlgorithm;
private DisplayToken m_displayToken;
private SecurityKeyTypeInternal? m_keyType;
private string m_tokenType;
private XmlElement m_issuedTokenElement;
private SecurityToken m_proofToken;
public int KeySize
{
set
{
this.m_keySize = value;
this.m_keySizeSpecified = true;
}
}
public int GetIntelligentKeySize(bool symmetric, int rstKeySize)
{
if (!symmetric)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException());
return !this.m_keySizeSpecified ? rstKeySize : this.m_keySize;
}
public SecurityKeyTypeInternal? KeyType
{
get => this.m_keyType;
set => this.m_keyType = value;
}
public DateTime Created
{
get => this.m_created;
set => this.m_created = value;
}
public DateTime Expires
{
get => this.m_expires;
set => this.m_expires = value;
}
public SecurityKeyIdentifierClause RequestedAttachedReference
{
get => this.m_requestedAttachedReference;
set => this.m_requestedAttachedReference = value;
}
public SecurityKeyIdentifierClause RequestedUnattachedReference
{
get => this.m_requestedUnattachedReference;
set => this.m_requestedUnattachedReference = value;
}
public string TokenType
{
set => this.m_tokenType = value;
}
public SecurityToken EntropyToken
{
get => this.m_entropyToken;
set => this.m_entropyToken = value;
}
public string ComputedKeyAlgorithm
{
get => this.m_computedKeyAlgorithm;
set => this.m_computedKeyAlgorithm = value;
}
public DisplayToken DisplayToken
{
get => this.m_displayToken;
set => this.m_displayToken = value;
}
public XmlElement IssuedTokenElement
{
get => this.m_issuedTokenElement;
set => this.m_issuedTokenElement = value;
}
public SecurityToken ProofToken
{
get => this.m_proofToken;
set => this.m_proofToken = value;
}
public string RequestType
{
get => this.m_requestType;
set => this.m_requestType = value;
}
public static byte[] ComputeCombinedKey(
byte[] requestorEntropy,
byte[] issuerEntropy,
int keySize)
{
if (requestorEntropy == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (requestorEntropy));
if (issuerEntropy == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (issuerEntropy));
InfoCardTrace.Assert(keySize > 0, "Keysize must be > 0");
return new Psha1DerivedKeyGenerator(requestorEntropy).GenerateDerivedKey(new byte[0], issuerEntropy, keySize, 0);
}
public void ValidateRstrContents(SecurityKeyTypeInternal keyTypeExpected)
{
if (this.IssuedTokenElement == null)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("NoIssuedTokenXml")));
if (this.KeyType.HasValue)
{
SecurityKeyTypeInternal securityKeyTypeInternal = keyTypeExpected;
SecurityKeyTypeInternal? keyType = this.KeyType;
if ((securityKeyTypeInternal != keyType.GetValueOrDefault() ? 1 : (!keyType.HasValue ? 1 : 0)) != 0)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("ProofKeyTypeMismatch")));
}
if (keyTypeExpected == SecurityKeyTypeInternal.SymmetricKey)
return;
if (SecurityKeyTypeInternal.AsymmetricKey == keyTypeExpected)
{
if (this.ProofToken != null)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("ProofTokenXmlUnexpectedInRstr")));
}
else
{
InfoCardTrace.Assert(SecurityKeyTypeInternal.NoKey == keyTypeExpected, "Bad enum member for SecurityKeyTypeInternal");
if (this.ProofToken != null)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("ProofTokenXmlUnexpectedInRstr")));
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink