using System;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
namespace Reclamation.MultiFactorAuthenticator
{
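/// <summary>
/// Local smart-card check: finds the certificate in CurrentUser\My whose public key
/// matches the key read from the smart-card provider, then round-trips a challenge
/// through that certificate's public and private keys.
/// </summary>
/// <remarks>
/// What this check does and does not establish:
/// <list type="bullet">
/// <item>A <c>true</c> result means one certificate in the user's store matched the
/// provider's public key and its private key decrypted the challenge.</item>
/// <item>The certificate's chain, validity period, revocation status, key usage and
/// subject are NOT checked anywhere in this class, so the result says nothing about
/// who the card belongs to. Callers that need identity assurance must validate the
/// certificate themselves.</item>
/// <item>The decision is a boolean computed inside the calling process; it should gate
/// convenience features only, not stand in for a server-side authorization decision.</item>
/// </list>
/// </remarks>
public static class MultiFactorAuthenticator
{
    // Provider type 1 (PROV_RSA_FULL) and provider name used for every CSP lookup.
    private const int SmartCardProviderType = 1;
    private const string SmartCardProviderName = "Microsoft Base Smart Card Crypto Provider";

    // 32 random bytes become a 44-character Base64 challenge, which fits inside
    // PKCS#1 v1.5 padding for any RSA key of 512 bits or more.
    private const int ChallengeSizeInBytes = 32;

    /// <summary>
    /// Blocks until the smart-card provider can be read, then verifies that the matching
    /// certificate's private key can decrypt a freshly generated random challenge.
    /// </summary>
    /// <returns>
    /// <c>true</c> when exactly one certificate with a private key matches the card's
    /// public key and the challenge round-trips; <c>false</c> when zero or several match.
    /// </returns>
    /// <exception cref="CryptographicException">
    /// May propagate from the provider or from the private-key operation (presumably also
    /// when a PIN prompt is cancelled; confirm against the card middleware). Callers
    /// should treat any exception as a failed authentication.
    /// </exception>
    public static bool AuthenticateSmartCard()
    {
        // IsSmartCardConnected() returns TRUE while the card is still missing (its result
        // is inverted relative to its name), so keep prompting until it returns false.
        while (IsSmartCardConnected())
        {
        }

        // Read the public key exposed by the smart-card provider and release the handle.
        string cardPublicKeyXml;
        using (RSACryptoServiceProvider cardProvider = CreateSmartCardProvider())
        {
            cardPublicKeyXml = cardProvider.ToXmlString(false);
        }

        // Find the certificate in the CurrentUser\My store that matches the public key.
        X509Store userStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        userStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            int matchCount = 0;
            X509Certificate2 matchedCert = null;
            foreach (X509Certificate2 candidate in userStore.Certificates)
            {
                if (!candidate.HasPrivateKey)
                {
                    continue;
                }

                string candidateKeyXml;
                try
                {
                    candidateKeyXml = candidate.PublicKey.Key.ToXmlString(false);
                }
                catch (NotSupportedException)
                {
                    // PublicKey.Key rejects unsupported key algorithms; such a certificate
                    // cannot match the RSA key read above, so skipping it is fail-safe.
                    continue;
                }

                if (candidateKeyXml == cardPublicKeyXml)
                {
                    matchCount++;
                    matchedCert = candidate;
                }
            }

            // Ambiguous (several matches) and missing (no match) both fail closed.
            if (matchCount != 1)
            {
                return false;
            }

            // Force a private-key operation by encrypting and decrypting a challenge.
            // The challenge is random per call so a fixed, known plaintext is never the
            // value being compared; Base64 keeps it printable for Encrypt's string API.
            byte[] challengeBytes = new byte[ChallengeSizeInBytes];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(challengeBytes);
            }

            string challenge = Convert.ToBase64String(challengeBytes);
            string cipherText = Encrypt(matchedCert, challenge);
            string roundTripped = Decrypt(matchedCert, cipherText);
            return string.Equals(roundTripped, challenge, StringComparison.Ordinal);
        }
        finally
        {
            userStore.Close();
        }
    }

    /// <summary>
    /// Tries to read the public key from the smart-card provider and prompts the user to
    /// insert a card when that fails.
    /// </summary>
    /// <returns>
    /// NOTE: inverted relative to the method name, kept for compatibility with callers.
    /// <c>false</c> when the public key could be read (card usable); <c>true</c> when the
    /// read failed and the user clicked OK to try again.
    /// </returns>
    /// <remarks>
    /// Clicking Cancel terminates the whole process via <see cref="Environment.Exit(int)"/>
    /// with exit code 0, so a launcher or script cannot tell a cancelled authentication
    /// from a successful run by the exit code alone.
    /// </remarks>
    public static bool IsSmartCardConnected()
    {
        using (RSACryptoServiceProvider cardProvider = CreateSmartCardProvider())
        {
            try
            {
                // Only the success or failure of the read matters; the key is discarded.
                cardProvider.ToXmlString(false);
                return false;
            }
            catch
            {
                // Every failure is reported as "card not found", which also hides provider
                // or driver errors behind the same prompt.
                DialogResult answer = MessageBox.Show(
                    "Insert your Smart Card and click OK",
                    "Smart Card not found",
                    MessageBoxButtons.OKCancel,
                    MessageBoxIcon.Error);
                if (answer == DialogResult.Cancel)
                {
                    Environment.Exit(0);
                }

                return true;
            }
        }
    }

    /// <summary>
    /// Encrypts a string with the certificate's RSA public key.
    /// </summary>
    /// <param name="x509">Certificate whose public key is used; must not be null.</param>
    /// <param name="stringToEncrypt">Text to encrypt; must not be null or empty.</param>
    /// <returns>The ciphertext, Base64-encoded.</returns>
    /// <exception cref="ArgumentException">
    /// <paramref name="x509"/> is null or <paramref name="stringToEncrypt"/> is null or empty.
    /// </exception>
    public static string Encrypt(X509Certificate2 x509, string stringToEncrypt)
    {
        if (x509 == null || string.IsNullOrEmpty(stringToEncrypt))
        {
            // ArgumentException derives from Exception, so existing catch blocks still work.
            throw new ArgumentException("A x509 certificate and string for encryption must be provided");
        }

        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PublicKey.Key;

        // UTF-8 yields the same bytes as ASCII for ASCII text, but does not silently
        // replace other characters with '?'.
        byte[] plainBytes = System.Text.Encoding.UTF8.GetBytes(stringToEncrypt);

        // fOAEP == false selects PKCS#1 v1.5 padding. OAEP is generally preferred for new
        // designs, but switching would break existing ciphertexts and may not be supported
        // by every card or provider; confirm before changing.
        byte[] cipherBytes = rsa.Encrypt(plainBytes, false);
        return Convert.ToBase64String(cipherBytes);
    }

    /// <summary>
    /// Decrypts a Base64-encoded ciphertext with the certificate's RSA private key.
    /// </summary>
    /// <param name="x509">Certificate with an accessible private key; must not be null.</param>
    /// <param name="stringTodecrypt">Base64 ciphertext produced by <see cref="Encrypt"/>.</param>
    /// <returns>The decrypted text.</returns>
    /// <exception cref="ArgumentException">
    /// An argument is null or empty, or the certificate has no private key.
    /// </exception>
    /// <exception cref="FormatException">
    /// <paramref name="stringTodecrypt"/> is not valid Base64.
    /// </exception>
    public static string Decrypt(X509Certificate2 x509, string stringTodecrypt)
    {
        if (x509 == null || string.IsNullOrEmpty(stringTodecrypt))
        {
            throw new ArgumentException("A x509 certificate and string for decryption must be provided");
        }

        if (!x509.HasPrivateKey)
        {
            throw new ArgumentException("x509 certicate does not contain a private key for decryption");
        }

        // This cast assumes a CAPI-backed RSA key; a key of another provider type would
        // fail here with InvalidCastException.
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey;
        byte[] cipherBytes = Convert.FromBase64String(stringTodecrypt);

        // Same PKCS#1 v1.5 padding as Encrypt (fOAEP == false); the two must stay in sync.
        byte[] plainBytes = rsa.Decrypt(cipherBytes, false);
        return System.Text.Encoding.UTF8.GetString(plainBytes);
    }

    // Opens the smart-card CSP with the provider type and name used throughout this class.
    // NOTE(review): no CspProviderFlags are set; confirm this really selects the inserted
    // card's default key container (CspProviderFlags.UseDefaultKeyContainer exists for that).
    private static RSACryptoServiceProvider CreateSmartCardProvider()
    {
        CspParameters cspParameters = new CspParameters(SmartCardProviderType, SmartCardProviderName);
        return new RSACryptoServiceProvider(cspParameters);
    }
}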
}