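        /// <summary>
        /// Checks whether <paramref name="password"/> appears in the user's recent password history
        /// for the given channel. The window is configured by the UsedPasswordControlType /
        /// UsedPasswordControlValue parameters: either a look-back of N days, or the N most recent entries.
        /// </summary>
        /// <param name="entities">Data context providing <c>VpPasswordHistory</c>.</param>
        /// <param name="password">Candidate password, compared with ordinal equality to the stored
        /// <c>Password</c> column. NOTE(review): this assumes the column holds the same representation
        /// (hashed or not) as the value passed in — confirm at the call site.</param>
        /// <param name="userID">User whose history is consulted.</param>
        /// <param name="channelID">Channel whose history is consulted.</param>
        /// <returns>
        /// <c>true</c> if the password is found in the selected history window; <c>false</c> when the
        /// control is disabled (value 0 or type Undefined), when the window is empty, or on no match.
        /// </returns>
        public static bool ControlToPasswordIsUsed(VeriBranchDataEntities entities, string password, long userID, short channelID)
        {
            short usedPasswordControl = ConfigurationParametersPresenter.GetParameter(ConfigurationParameterKeys.UsedPasswordControlType).ToShort(0);
            UsedPasswordControlTypeEnum passwordControlType = (UsedPasswordControlTypeEnum)usedPasswordControl;
            int usedPasswordControlValue = ConfigurationParametersPresenter.GetParameter(ConfigurationParameterKeys.UsedPasswordControlValue).ToInteger();

            // Control disabled: there is nothing to compare against.
            if (usedPasswordControlValue == 0 || passwordControlType == UsedPasswordControlTypeEnum.Undefined)
            {
                return false;
            }

            var userHistory = entities.VpPasswordHistory.Where(q => q.UserID == userID && q.ChannelID == channelID);

            List<string> passwordHistory;
            if (passwordControlType == UsedPasswordControlTypeEnum.Day)
            {
                // NOTE(review): local time is used to match whatever CreateDate stores — confirm.
                DateTime oldPinControlDate = DateTime.Now.AddDays(-1 * usedPasswordControlValue);
                passwordHistory = userHistory
                    .Where(q => q.CreateDate > oldPinControlDate)
                    .OrderByDescending(q => q.CreateDate)
                    .Select(q => q.Password)
                    .ToList();
            }
            else
            {
                // Take() is applied before ToList() so only the N most recent rows are fetched,
                // instead of materialising the user's whole history and trimming it in memory.
                passwordHistory = userHistory
                    .OrderByDescending(q => q.CreateDate)
                    .Select(q => q.Password)
                    .Take(usedPasswordControlValue)
                    .ToList();
            }

            // ToList() never returns null; an empty window simply yields false here.
            return passwordHistory.Contains(password);
        }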
        /// <summary>
        /// Encrypts <paramref name="password"/> using the value of the "RSA.PublicKey.Modulus"
        /// configuration parameter. The only call site visible in this file is commented out
        /// in <c>VerifyUserIdPassword</c>.
        /// </summary>
        /// <param name="password">Clear-text password to encrypt.</param>
        /// <returns>The encrypted string produced by <c>Encryption.EncryptString</c>.</returns>
        private static string EncryptPassword(string password)
        {
            var modulusParameter = ConfigurationParametersPresenter.GetParameter("RSA.PublicKey.Modulus");
            string modulus = Convert.ToString(modulusParameter);

            // Only the modulus is handed to the helper; the public exponent parameter is not read here.
            string encrypted = Encryption.EncryptString(password, modulus);
            return encrypted;
        }
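        /// <summary>
        /// Runs first-level (user id + password) authentication for the soft-token flow.
        /// </summary>
        /// <param name="customerId">Customer identifier supplied to the authentication context as the user detail.</param>
        /// <param name="password">Submitted password. When "RSA.PasswordEncryptionEnabled" is true it is treated as
        /// RSA-encrypted and decrypted with the configured "RSA.PrivateKey" / "RSA.KeySize" before use.</param>
        /// <param name="transactionHeader">Transaction header. It is mutated: Session.InitialSessionid is set to
        /// "SoftToken", a Customer is created if missing, and CustomerType is set to Retail.</param>
        /// <returns><c>true</c> only when the authentication service reports <c>FirstLevelSuccess</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="transactionHeader"/> is null.</exception>
        public static bool VerifyUserIdPassword(string customerId, string password, TransactionHeader transactionHeader)
        {
            if (transactionHeader == null)
            {
                throw new ArgumentNullException(nameof(transactionHeader));
            }

            transactionHeader.Session.InitialSessionid = "SoftToken";
            if (transactionHeader.Customer == null)
            {
                transactionHeader.Customer = new Customer();
            }
            transactionHeader.Customer.CustomerType = CustomerTypeEnum.Retail;

            AuthenticationContext context = new AuthenticationContext(transactionHeader,
                                                                      AuthenticationFlowItemTypeEnum.FirstLevel, string.Empty);
            context.SetUserDetail(0, "", "", "", customerId);

            bool isPasswordEncryptionEnabled = Convert.ToBoolean(ConfigurationParametersPresenter.GetParameter("RSA.PasswordEncryptionEnabled"));

            // If encryption is enabled, the submitted value is RSA-encrypted and must be decrypted first.
            if (isPasswordEncryptionEnabled)
            {
                // Private key material is read from configuration parameters; per the original note,
                // this must be replaced by fetching the certificate from a store.
                string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter("RSA.PrivateKey"));
                int    keySize    = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter("RSA.KeySize"));

                password = Encryption.RSADecryptString(password, keySize, privateKey);
            }

            context.SetPassword(password, null);
            // The password hash check is kept enabled (not discarded).
            context.SetDiscardPasswordHashCheck(false);

            AuthenticationResult result = AuthenticationService.GetResult(context);

            return result.Result == LoginResultEnum.FirstLevelSuccess;
        }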
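        /// <summary>
        /// Soft-token authentication: compares the submitted password with the user's most recent
        /// unexpired OTP and sets <c>response.Status</c> to <c>true</c> on a match. Any failure
        /// (no OTP, mismatch, or an exception during lookup/decryption) leaves the status <c>false</c>.
        /// </summary>
        /// <param name="requestMessage">Expected to be a <see cref="SoftTokenSelectAuthenticationRequest"/>.</param>
        /// <param name="responseMessage">Expected to be a <see cref="SoftTokenSelectAuthenticationResponse"/>; its Status is written.</param>
        /// <param name="transactionHeader">Supplies the customer's UserId.</param>
        /// <exception cref="ArgumentException">A message is not of the expected type.</exception>
        public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
        {
            SoftTokenSelectAuthenticationRequest  request  = requestMessage as SoftTokenSelectAuthenticationRequest;
            SoftTokenSelectAuthenticationResponse response = responseMessage as SoftTokenSelectAuthenticationResponse;
            if (request == null)
            {
                throw new ArgumentException("Expected SoftTokenSelectAuthenticationRequest", nameof(requestMessage));
            }
            if (response == null)
            {
                throw new ArgumentException("Expected SoftTokenSelectAuthenticationResponse", nameof(responseMessage));
            }

            long   userID   = transactionHeader.Customer.UserId;
            string password = request.Password;

            // An empty submission can never be a valid OTP. Without this guard an empty password
            // would compare equal to the empty decryptedOTP produced when the OTP-encryption
            // parameter is absent.
            if (string.IsNullOrEmpty(password))
            {
                return;
            }

            try
            {
                using (VeriBranchDataEntities context = new VeriBranchDataEntities())
                {
                    // Latest OTP that has not expired — the same ExpireTime filter GenerateSoftToken applies.
                    // NOTE(review): local time, as elsewhere in this file — confirm ExpireTime is stored as local time.
                    VpOtpHistory otpHistory = context.VpOtpHistory
                        .Where(obj => obj.UserID == userID && obj.ExpireTime >= DateTime.Now)
                        .OrderByDescending(obj => obj.ID)
                        .FirstOrDefault();
                    if (otpHistory == null)
                    {
                        return;
                    }

                    string decryptedOTP = string.Empty;
                    if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
                    {
                        // these must be replaced by fetching certificate from store
                        string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));
                        decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
                    }

                    // Ordinal comparison; a non-empty OTP is required so that a missing encryption
                    // setting (empty decryptedOTP) cannot produce a match.
                    if (!string.IsNullOrEmpty(decryptedOTP) && string.Equals(decryptedOTP, password, StringComparison.Ordinal))
                    {
                        response.Status = true;
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed: any error during lookup or decryption is reported as a failed authentication.
                response.Status = false;
            }
        }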
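        /// <summary>
        /// Returns the current unexpired OTP for the owner of the device identified by
        /// <c>request.DeviceId</c>, after verifying either the registration password or the
        /// fingerprint "auto password".
        /// </summary>
        /// <param name="requestMessage">Expected to be a <see cref="GenerateSoftTokenRequest"/>.</param>
        /// <param name="responseMessage">Expected to be a <see cref="GenerateSoftTokenResponse"/>; its OTP is written
        /// (the "NoOTPAvailable" general message when no unexpired OTP exists).</param>
        /// <param name="transactionHeader">Not read by this method.</param>
        /// <exception cref="ArgumentException">A message is not of the expected type.</exception>
        /// <exception cref="VPBusinessException">"DeviceNotExistException" when the device is unknown;
        /// "WrongPassword" when neither credential verifies.</exception>
        public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
        {
            GenerateSoftTokenRequest  request  = requestMessage as GenerateSoftTokenRequest;
            GenerateSoftTokenResponse response = responseMessage as GenerateSoftTokenResponse;
            if (request == null)
            {
                throw new ArgumentException("Expected GenerateSoftTokenRequest", nameof(requestMessage));
            }
            if (response == null)
            {
                throw new ArgumentException("Expected GenerateSoftTokenResponse", nameof(responseMessage));
            }

            VpOtpHistory otpHistory = null;

            using (VeriBranchDataEntities context = new VeriBranchDataEntities())
            {
                var device = context.VpOtpDevice.FirstOrDefault(obj => obj.SerialNumber == request.DeviceId);
                if (device == null)
                {
                    throw new VPBusinessException("DeviceNotExistException");
                }

                // The device owner's id comes from CreateBy. Convert.ToInt64 replaces the original
                // Convert.ToInt32, which would overflow for ids outside the int range.
                long userId = Convert.ToInt64(device.CreateBy);

                bool verified;
                if (!string.IsNullOrEmpty(request.Password))
                {
                    // NOTE(review): the stored VPSoftTokenRegistration.Password values are compared against an
                    // unsalted MD5; changing the hash here alone would break existing rows, so it is left as-is
                    // and should be migrated together with the stored data.
                    string hashedPassword = HashHelper.Hash(request.Password, string.Empty, HashTypeEnum.Md5);
                    verified = context.VPSoftTokenRegistration.Any(obj => obj.UserId == userId && obj.Password == hashedPassword);
                }
                else if (request.IsAuthenticatedWithFingerPrint)
                {
                    // "true" because AutoPassword should have set IsAuthenticatedWithFingerPrint.
                    // NOTE(review): every input to this value comes from the request itself, so it does not
                    // bind the fingerprint claim to anything the server verified — confirm with the client contract.
                    string autoPass = request.DeviceId + "true" + request.DeviceId;
                    verified = string.Equals(autoPass, request.AutoPassword, StringComparison.Ordinal);
                }
                else
                {
                    verified = false;
                }

                if (!verified)
                {
                    throw new VPBusinessException("WrongPassword");
                }

                // NOTE(review): local time, as elsewhere in this file — confirm ExpireTime is stored as local time.
                otpHistory = context.VpOtpHistory
                    .Where(obj => obj.UserID == userId && obj.ExpireTime >= DateTime.Now)
                    .OrderByDescending(obj => obj.ID)
                    .FirstOrDefault();
            }

            // The original condition used '||', which dereferenced otpHistory when it was null
            // and took the decrypt branch for an empty EncryptedOTP.
            if (otpHistory != null && !string.IsNullOrEmpty(otpHistory.EncryptedOTP))
            {
                string decryptedOTP = string.Empty;
                if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
                {
                    // these must be replaced by fetching certificate from store
                    string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));
                    decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
                }
                response.OTP = decryptedOTP;
            }
            else
            {
                response.OTP = VeriBranch.Utilities.ConfigurationUtilities.ResourceHelper.GetGeneralMessage("NoOTPAvailable");
            }
        }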