ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 18:06:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/Recipient.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

447 lines
19 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Recipient
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace Microsoft.InfoCards
{
internal class Recipient
{
private const int InvalidRow = 0;
private const byte Version = 1;
private const byte m_marker = 29;
public const int CERT_NAME_ATTR_TYPE = 3;
public const string szOID_SUBJECT_CN = "2.5.4.3";
public const string szOID_ORGANIZATION_NAME = "2.5.4.10";
public const string szOID_LOCALITY_NAME = "2.5.4.7";
public const string szOID_STATE_OR_PROVINCE_NAME = "2.5.4.8";
public const string szOID_COUNTRY_NAME = "2.5.4.6";
private const int attributeMaxLength = 1024;
private static readonly Recipient.RecipientAttribute CNAttr = new Recipient.RecipientAttribute("2.5.4.3", "CN");
private static readonly Recipient.RecipientAttribute OrgAttr = new Recipient.RecipientAttribute("2.5.4.10", "O");
private static readonly Recipient.RecipientAttribute LocalityAttr = new Recipient.RecipientAttribute("2.5.4.7", "L");
private static readonly Recipient.RecipientAttribute StateOrProvinceAttr = new Recipient.RecipientAttribute("2.5.4.8", "S");
private static readonly Recipient.RecipientAttribute CountryAttr = new Recipient.RecipientAttribute("2.5.4.6", "C");
private string m_recipientId;
private string m_recipientOrganizationId;
private string m_issuerName;
private string m_subjectName;
private uint m_privacyNoticeVersion;
private Recipient.IdentityType m_type;
private Recipient.TrustDecision m_trustDecision;
private Recipient.RecipientCertParameters m_recipientParams = new Recipient.RecipientCertParameters("", "", "", "", "", Utility.SubjectAtrributeHAFlags.NotEnabled);
private bool m_isCertCached;
private int m_rowId;
private byte[] m_publicKey;
private List<X509Logo> m_logoMetadata;
public Recipient(Stream stream)
: this(stream, false)
{
}
public Recipient(Stream stream, RecipientIdentity identity, bool isCertCached)
: this(stream, isCertCached)
{
if (!(identity is X509RecipientIdentity recipientIdentity))
return;
this.m_type = Recipient.IdentityType.X509;
this.AddLogoMetadata(recipientIdentity.LeafCertificate);
this.m_recipientParams = recipientIdentity.RecipientParams;
}
private Recipient(Stream stream, bool isCertCached)
{
this.m_isCertCached = isCertCached;
this.Deserialize(stream);
}
public Recipient(RecipientIdentity identity, bool isCertCached, uint privacyNoticeVersion)
{
this.m_trustDecision = Recipient.TrustDecision.NoTrustDecision;
this.m_isCertCached = isCertCached;
this.m_privacyNoticeVersion = privacyNoticeVersion;
this.m_recipientId = identity.GetIdentifier();
this.m_recipientOrganizationId = identity.GetOrganizationIdentifier();
this.m_subjectName = identity.GetName();
if (!(identity is X509RecipientIdentity recipientIdentity))
return;
this.m_type = Recipient.IdentityType.X509;
this.m_issuerName = recipientIdentity.LeafCertificate.GetNameInfo(X509NameType.SimpleName, true);
this.m_recipientParams = recipientIdentity.RecipientParams;
this.m_publicKey = recipientIdentity.LeafCertificate.GetPublicKey();
this.AddLogoMetadata(recipientIdentity.LeafCertificate);
}
public Recipient(
X509Certificate2 cert,
string recipientId,
string recipientOrgId,
bool isCertCached,
uint privacyNoticeVersion,
Recipient.RecipientCertParameters recipientParameters)
{
this.m_type = Recipient.IdentityType.X509;
this.m_trustDecision = Recipient.TrustDecision.NoTrustDecision;
this.m_publicKey = cert.GetPublicKey();
this.m_isCertCached = isCertCached;
this.m_privacyNoticeVersion = privacyNoticeVersion;
this.m_subjectName = cert.FriendlyName;
if (string.IsNullOrEmpty(this.m_subjectName))
this.m_subjectName = cert.GetNameInfo(X509NameType.SimpleName, false);
this.m_issuerName = cert.GetNameInfo(X509NameType.SimpleName, true);
this.m_recipientId = recipientId;
this.m_recipientOrganizationId = recipientOrgId;
this.m_recipientParams = recipientParameters;
this.AddLogoMetadata(cert);
}
public string RecipientId
{
get
{
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_recipientId), "Must be populated before this property is accessed");
return this.m_recipientId;
}
}
public Recipient.RecipientCertParameters RecipientParameters => this.m_recipientParams;
public uint PrivacyPolicyVersion
{
get => this.m_privacyNoticeVersion;
set => this.m_privacyNoticeVersion = value;
}
private static byte[] CertGetRecipientIdBytesForChainTrust(
X509Certificate2 recipientCert,
X509Certificate2Collection supportingRecipientCerts,
Recipient.IdType idtype,
out Recipient.RecipientCertParameters recipientParams)
{
recipientParams = new Recipient.RecipientCertParameters("", "", "", "", "", Utility.SubjectAtrributeHAFlags.NotEnabled);
string str1 = "";
string certAttribute1 = Recipient.GetCertAttribute(Recipient.OrgAttr.Name, recipientCert.Handle);
string certAttribute2 = Recipient.GetCertAttribute(Recipient.LocalityAttr.Name, recipientCert.Handle);
string certAttribute3 = Recipient.GetCertAttribute(Recipient.StateOrProvinceAttr.Name, recipientCert.Handle);
string certAttribute4 = Recipient.GetCertAttribute(Recipient.CountryAttr.Name, recipientCert.Handle);
recipientParams.m_cn = Recipient.GetCertAttribute(Recipient.CNAttr.Name, recipientCert.Handle);
recipientParams.m_organization = certAttribute1;
recipientParams.m_locality = certAttribute2;
recipientParams.m_state = certAttribute3;
recipientParams.m_country = certAttribute4;
if (string.IsNullOrEmpty(certAttribute1))
{
if (string.IsNullOrEmpty(recipientParams.m_cn))
return recipientCert.GetPublicKey();
return Encoding.Unicode.GetBytes(string.Format((IFormatProvider) CultureInfo.InvariantCulture, "|{0}=\"{1}\"|", new object[2]
{
(object) Recipient.CNAttr.DelimitingString,
(object) recipientParams.m_cn
}));
}
string str2;
if (Recipient.IdType.OrganizationId == idtype || Recipient.IdType.PPIDSeed == idtype)
str2 = string.Format((IFormatProvider) CultureInfo.InvariantCulture, "|{0}=\"{1}\"|{2}=\"{3}\"|{4}=\"{5}\"|{6}=\"{7}\"|", (object) Recipient.OrgAttr.DelimitingString, (object) certAttribute1, (object) Recipient.LocalityAttr.DelimitingString, (object) certAttribute2, (object) Recipient.StateOrProvinceAttr.DelimitingString, (object) certAttribute3, (object) Recipient.CountryAttr.DelimitingString, (object) certAttribute4);
else
str2 = string.Format((IFormatProvider) CultureInfo.InvariantCulture, "|{0}=\"{1}\"|{2}=\"{3}\"|{4}=\"{5}\"|{6}=\"{7}\"|{8}=\"{9}\"|", (object) Recipient.CNAttr.DelimitingString, (object) recipientParams.m_cn, (object) Recipient.OrgAttr.DelimitingString, (object) certAttribute1, (object) Recipient.LocalityAttr.DelimitingString, (object) certAttribute2, (object) Recipient.StateOrProvinceAttr.DelimitingString, (object) certAttribute3, (object) Recipient.CountryAttr.DelimitingString, (object) certAttribute4);
Utility.SubjectAtrributeHAFlags certFlags = Utility.SubjectAtrributeHAFlags.NotEnabled;
string s;
if (Utility.GetCertHAFlags(recipientCert, supportingRecipientCerts, ref certFlags))
{
recipientParams.m_certHAFlags = certFlags;
int num = Utility.IsSubjectAtrributeHAFlagsSet(certFlags, Utility.SubjectAtrributeHAFlags.LocStateCountryHA) ^ Utility.IsSubjectAtrributeHAFlagsSet(certFlags, Utility.SubjectAtrributeHAFlags.OrganizationHA) ? 1 : 0;
s = str2;
if (string.IsNullOrEmpty(s))
throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException(SR.GetString("InvalidHACertificateStructure")));
}
else
{
X509Chain chain;
try
{
InfoCardX509Validator.ValidateChain(recipientCert, supportingRecipientCerts, out chain);
}
catch (SecurityTokenValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException(SR.GetString("UnableToBuildChainForNonHARecipient"), (Exception) ex));
}
if (Recipient.IdType.OrganizationId == idtype)
str1 = "|Non-EV";
if (idtype == Recipient.IdType.RecipientId)
{
for (int index = 1; index < chain.ChainElements.Count; ++index)
str1 = string.Format((IFormatProvider) CultureInfo.InvariantCulture, "|ChainElement=\"{0}\"{1}", new object[2]
{
(object) chain.ChainElements[index].Certificate.Subject,
(object) str1
});
}
s = str1 + str2;
}
return Encoding.Unicode.GetBytes(s);
}
public static string CertGetRecipientOrganizationPPIDSeedHash(
X509Certificate2 recipientCert,
X509Certificate2Collection supportingRecipientCerts,
bool isChainTrusted)
{
byte[] buffer = isChainTrusted ? Recipient.CertGetRecipientIdBytesForChainTrust(recipientCert, supportingRecipientCerts, Recipient.IdType.PPIDSeed, out Recipient.RecipientCertParameters _) : recipientCert.GetPublicKey();
byte[] hash;
using (SHA256 shA256 = (SHA256) new SHA256Managed())
hash = shA256.ComputeHash(buffer);
return Convert.ToBase64String(hash);
}
public static string CertGetRecipientOrganizationIdHash(
X509Certificate2 recipientCert,
X509Certificate2Collection supportingRecipientCerts,
bool isChainTrusted)
{
byte[] buffer = isChainTrusted ? Recipient.CertGetRecipientIdBytesForChainTrust(recipientCert, supportingRecipientCerts, Recipient.IdType.OrganizationId, out Recipient.RecipientCertParameters _) : recipientCert.GetPublicKey();
byte[] hash;
using (SHA256 shA256 = (SHA256) new SHA256Managed())
hash = shA256.ComputeHash(buffer);
return Convert.ToBase64String(hash);
}
public static string CertGetRecipientIdHash(
X509Certificate2 recipientCert,
X509Certificate2Collection supportingRecipientCerts,
bool isChainTrusted,
out Recipient.RecipientCertParameters recipientParams)
{
byte[] buffer;
if (!isChainTrusted)
{
buffer = recipientCert.GetPublicKey();
recipientParams = new Recipient.RecipientCertParameters(Recipient.GetCertAttribute(Recipient.CNAttr.Name, recipientCert.Handle), Recipient.GetCertAttribute(Recipient.OrgAttr.Name, recipientCert.Handle), Recipient.GetCertAttribute(Recipient.LocalityAttr.Name, recipientCert.Handle), Recipient.GetCertAttribute(Recipient.StateOrProvinceAttr.Name, recipientCert.Handle), Recipient.GetCertAttribute(Recipient.CountryAttr.Name, recipientCert.Handle), Utility.SubjectAtrributeHAFlags.NotEnabled);
}
else
buffer = Recipient.CertGetRecipientIdBytesForChainTrust(recipientCert, supportingRecipientCerts, Recipient.IdType.RecipientId, out recipientParams);
byte[] hash;
using (SHA256 shA256 = (SHA256) new SHA256Managed())
hash = shA256.ComputeHash(buffer);
return Convert.ToBase64String(hash);
}
private static string GetCertAttribute(string geographicAttributeName, IntPtr certHandle)
{
StringBuilder pszNameString = new StringBuilder(1024);
NativeMethods.CertGetNameString(certHandle, 3, 0, geographicAttributeName, pszNameString, 1024);
return pszNameString.ToString();
}
public Recipient.TrustDecision Trust
{
set => this.m_trustDecision = value;
get => this.m_trustDecision;
}
private void ThrowIfNotComplete()
{
bool flag = this.m_recipientId != null && null != this.m_subjectName;
if (Recipient.IdentityType.X509 == this.m_type)
flag = flag && this.m_issuerName != null && !Utility.ArrayIsNullOrEmpty((Array) this.m_publicKey);
if (!flag)
throw InfoCardTrace.ThrowHelperError((Exception) new SerializationIncompleteException(this.GetType()));
}
private void AddLogoMetadata(X509Certificate2 cert)
{
X509LogoTypeExtension logoTypeExtension = X509LogoTypeExtension.FromCertificate(cert);
if (logoTypeExtension == null)
return;
logoTypeExtension.TryDecodeExtension();
this.m_logoMetadata = logoTypeExtension.Logos;
}
public void Serialize(BinaryWriter writer) => this.AgentSerialize(writer);
public void AgentSerialize(BinaryWriter writer)
{
this.ThrowIfNotComplete();
writer.Write((byte) 1);
writer.Write((byte) this.m_type);
writer.Write(this.m_isCertCached);
writer.Write((uint) this.m_recipientParams.m_certHAFlags);
Utility.SerializeString(writer, this.m_recipientParams.m_cn);
Utility.SerializeString(writer, this.m_recipientParams.m_organization);
Utility.SerializeString(writer, this.m_recipientParams.m_locality);
Utility.SerializeString(writer, this.m_recipientParams.m_state);
Utility.SerializeString(writer, this.m_recipientParams.m_country);
Utility.SerializeString(writer, this.m_recipientId);
Utility.SerializeString(writer, this.m_recipientOrganizationId);
Utility.SerializeString(writer, this.m_issuerName);
Utility.SerializeString(writer, this.m_subjectName);
writer.Write(this.m_privacyNoticeVersion);
Utility.SerializeBytes(writer, this.m_publicKey);
writer.Write((byte) this.m_trustDecision);
if (this.m_logoMetadata == null)
{
writer.Write(0);
}
else
{
writer.Write(this.m_logoMetadata.Count);
foreach (X509Logo x509Logo in this.m_logoMetadata)
x509Logo.Serialize(writer);
}
writer.Write((byte) 29);
}
public void SerializeToStore(BinaryWriter writer)
{
this.ThrowIfNotComplete();
writer.Write((byte) 1);
writer.Write((uint) this.m_recipientParams.m_certHAFlags);
Utility.SerializeString(writer, this.m_recipientParams.m_cn);
Utility.SerializeString(writer, this.m_recipientParams.m_organization);
Utility.SerializeString(writer, this.m_recipientParams.m_locality);
Utility.SerializeString(writer, this.m_recipientParams.m_state);
Utility.SerializeString(writer, this.m_recipientParams.m_country);
Utility.SerializeString(writer, this.m_recipientId);
Utility.SerializeString(writer, this.m_recipientOrganizationId);
Utility.SerializeString(writer, this.m_issuerName);
Utility.SerializeString(writer, this.m_subjectName);
writer.Write(this.m_privacyNoticeVersion);
Utility.SerializeBytes(writer, this.m_publicKey);
writer.Write((byte) this.m_trustDecision);
writer.Write((byte) 29);
}
public void Deserialize(Stream stream)
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(stream, Encoding.Unicode);
if ((byte) 1 != reader.ReadByte())
InfoCardTrace.Assert(false, "version mismatch deserializing recipient stream");
this.m_recipientParams = new Recipient.RecipientCertParameters();
this.m_recipientParams.m_certHAFlags = (Utility.SubjectAtrributeHAFlags) reader.ReadUInt32();
this.m_recipientParams.m_cn = Utility.DeserializeString(reader);
this.m_recipientParams.m_organization = Utility.DeserializeString(reader);
this.m_recipientParams.m_locality = Utility.DeserializeString(reader);
this.m_recipientParams.m_state = Utility.DeserializeString(reader);
this.m_recipientParams.m_country = Utility.DeserializeString(reader);
this.m_recipientId = Utility.DeserializeString(reader);
this.m_recipientOrganizationId = Utility.DeserializeString(reader);
this.m_issuerName = Utility.DeserializeString(reader);
this.m_subjectName = Utility.DeserializeString(reader);
this.m_privacyNoticeVersion = reader.ReadUInt32();
this.m_publicKey = reader.ReadBytes(reader.ReadInt32());
this.m_type = this.m_publicKey.Length != 0 ? Recipient.IdentityType.X509 : Recipient.IdentityType.DNS;
this.m_trustDecision = (Recipient.TrustDecision) reader.ReadByte();
if ((byte) 29 != reader.ReadByte())
InfoCardTrace.Assert(false, "Invalid stream detected deserilizing recipient");
this.ThrowIfNotComplete();
}
public void Save(StoreConnection con)
{
DataRow row = this.TryGetRow(con, QueryDetails.FullHeader);
if (row == null)
{
row = new DataRow();
row.ObjectType = -3;
row.GlobalId = (GlobalId) Guid.NewGuid();
}
row.SetIndexValue("ix_name", (object) this.m_recipientId);
MemoryStream output = new MemoryStream();
this.SerializeToStore(new BinaryWriter((Stream) output, Encoding.Unicode));
row.SetDataField(output.ToArray());
con.Save(row);
this.m_rowId = row.LocalId;
}
public override string ToString() => base.ToString();
public bool IsOrganizationVerified()
{
Utility.SubjectAtrributeHAFlags atrributeHaFlags = Utility.SubjectAtrributeHAFlags.Enabled | Utility.SubjectAtrributeHAFlags.OrganizationHA;
return (this.m_recipientParams.m_certHAFlags & atrributeHaFlags) == atrributeHaFlags;
}
protected DataRow TryGetRow(StoreConnection con, QueryDetails details) => con.GetSingleRow(QueryDetails.FullHeader, new QueryParameter("ix_objecttype", new object[1]
{
(object) -3
}), new QueryParameter("ix_name", new object[1]
{
(object) this.m_recipientId
}));
public enum TrustDecision : byte
{
NoTrustDecision,
IsTrusted,
IsNotTrusted,
PolicyVersionChange,
}
public enum IdentityType : byte
{
DNS,
X509,
}
private enum IdType : byte
{
RecipientId,
OrganizationId,
PPIDSeed,
}
public struct RecipientCertParameters
{
public string m_cn;
public string m_organization;
public string m_locality;
public string m_state;
public string m_country;
public Utility.SubjectAtrributeHAFlags m_certHAFlags;
public RecipientCertParameters(
string cn,
string organization,
string locality,
string state,
string country,
Utility.SubjectAtrributeHAFlags certHAFlags)
{
this.m_cn = cn;
this.m_organization = organization;
this.m_locality = locality;
this.m_state = state;
this.m_country = country;
this.m_certHAFlags = certHAFlags;
}
}
private struct RecipientAttribute
{
private string m_name;
private string m_delimitingString;
public RecipientAttribute(string name, string delimitingString)
{
this.m_name = name;
this.m_delimitingString = delimitingString;
}
public string DelimitingString => this.m_delimitingString;
public string Name => this.m_name;
}
}
}
Reference in New Issue View Git Blame Copy Permalink