MalwareSourceCode/MSIL/Trojan/Win32/P/Trojan.Win32.Patched.mf-fd200e64412b6be5c177c3cfa7b94e83e807ff04211ce324f12e2ffa5537eb36/Services/Ticket/ActivationManager.cs

// Decompiled with JetBrains decompiler
// Type: Bmc.Services.Ticket.ActivationManager
// Assembly: ticketservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 3DFB8186-7053-43AF-8B45-70866071B1F2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-fd200e64412b6be5c177c3cfa7b94e83e807ff04211ce324f12e2ffa5537eb36.exe

using Bmc.Broker.ResourceSystem;
using Bmc.RegistryAccess.Ticket;
using Net.LShift.SPKI;
using System;
using System.IO;

namespace Bmc.Services.Ticket
{
  public class ActivationManager
  {
    private SignatureChecker ticket_checker;
    private SPKISexp current_ticket;
    private SecureStateManager _secureStateManager;
    private ResourceManager _resourceManager;
    private ResourceManager _legacyResourceManager;
    private static byte[][] key_hashes = new byte[1][]
    {
      new byte[20]
      {
        (byte) 97,
        (byte) 170,
        byte.MaxValue,
        (byte) 55,
        (byte) 144,
        (byte) 148,
        (byte) 75,
        (byte) 50,
        (byte) 153,
        (byte) 84,
        (byte) 55,
        (byte) 229,
        (byte) 122,
        (byte) 62,
        (byte) 108,
        (byte) 42,
        (byte) 66,
        (byte) 9,
        (byte) 74,
        (byte) 148
      }
    };

    public ActivationManager(
      SecureStateManager secureStateManager,
      ResourceManager resourceManager,
      ResourceManager legacyResourceManager)
    {
      this.ticket_checker = new SignatureChecker(ActivationManager.key_hashes);
      this._secureStateManager = secureStateManager;
      this._resourceManager = resourceManager;
      this._legacyResourceManager = legacyResourceManager;
    }

    private void CheckTicket(SPKISexp ticket)
    {
      try
      {
        SPKISexp spkiSexp = ticket[nameof (ticket)];
        this.ticket_checker.CheckSequence(ticket, spkiSexp);
        if (!spkiSexp.Get("version").Name.Equals("00003"))
          throw new BadTicketException("cannot be parsed by this version of the software");
        if (!new SPKISexp(new SPKISexp[2]
        {
          new SPKISexp("name"),
          new SPKISexp(this._secureStateManager[(SECURE_FIELD) 0])
        }).Equals((object) spkiSexp.Get("subject")))
          throw new WrongUserException();
      }
      catch (AccessException ex)
      {
        throw new BadTicketException("missing field", (Exception) ex);
      }
    }

    private static string IdOfTicket(SPKISexp ticket)
    {
      try
      {
        return ticket[nameof (ticket)].Get("id").Name;
      }
      catch (AccessException ex)
      {
        throw new BadTicketException("missing field", (Exception) ex);
      }
    }

    private void CheckAndStoreTicket(Stream ts, string id)
    {
      SPKISexp sexp;
      try
      {
        sexp = SPKISexp.ParseSexp(ts);
      }
      catch (ParseException ex)
      {
        throw new BadTicketException("Ticket parse failure", (Exception) ex);
      }
      ts.Close();
      this.CheckTicket(sexp);
      this.current_ticket = id == null || id.Equals(ActivationManager.IdOfTicket(sexp)) ? sexp : throw new BadTicketException("Unexpected ticket ID");
    }

    public FileInfo TicketFile => this._resourceManager.GetData("ticket.spki");

    public FileInfo LegacyTicketFile => this._legacyResourceManager.GetData("ticket.spki");

    private void LoadTicket()
    {
      string id = this._secureStateManager[(SECURE_FIELD) 3];
      if (id != null)
      {
        if (!(id == "none"))
        {
          try
          {
            lock (this)
            {
              using (FileStream ts = this.TicketFile.Exists ? this.TicketFile.OpenRead() : this.LegacyTicketFile.OpenRead())
              {
                this.CheckAndStoreTicket((Stream) ts, id);
                return;
              }
            }
          }
          catch (IOException ex)
          {
            throw new BadTicketException("IO error reading ticket: " + (object) this.TicketFile, (Exception) ex);
          }
        }
      }
      throw new NoTicketException();
    }

    private void WriteDebugTicket(SPKISexp ticket)
    {
      this._resourceManager.EnsureDataDirectoryExists("debug");
      using (Stream stream = (Stream) this._resourceManager.GetData("debug\\ticket.txt").OpenWrite())
      {
        using (TextWriter textWriter = (TextWriter) new StreamWriter(stream))
          ticket.PrettyPrint(textWriter);
      }
    }

    private void SaveTicket()
    {
      this._resourceManager.EnsureDataDirectoryExists("");
      this.TicketFile.Delete();
      using (FileStream fileStream = this.TicketFile.OpenWrite())
        this.current_ticket.Marshal((Stream) fileStream);
      this._secureStateManager[(SECURE_FIELD) 3] = ActivationManager.IdOfTicket(this.current_ticket);
      this._secureStateManager.Flush();
    }

    public void SetTicket(Stream ticket)
    {
      lock (this)
      {
        this.CheckAndStoreTicket(ticket, (string) null);
        this.SaveTicket();
      }
    }

    public SPKISexp Ticket
    {
      get
      {
        if (this.current_ticket == null)
          this.LoadTicket();
        return this.current_ticket;
      }
    }

    public string TicketId => ActivationManager.IdOfTicket(this.Ticket);

    public bool TicketOK
    {
      get
      {
        try
        {
          return this.TicketId != "none";
        }
        catch (Exception ex)
        {
          return false;
        }
      }
    }

    public void PrintTicket(TextWriter tw) => this.Ticket.PrettyPrint(tw);

    public string TicketString()
    {
      StringWriter tw = new StringWriter();
      this.PrintTicket((TextWriter) tw);
      return tw.ToString();
    }
  }
}