Beispiel #1
0
        private string GetApproveSignature(RequestActionDto action, ApproveCommand command)
        {
            var data = new
            {
                action.Timestamp,
                action.ActionType,
                command.Approved,
                command.Comments,
                EmployeeId      = action.Employee.Id,
                CreditRequestId = action.CreditRequest.Id,
                Duration        = action.CreditRequest.MonthDuration,
                Sum             = action.CreditRequest.CreditSum.Value,
                SumCurrencyId   = action.CreditRequest.CreditSum.Currency.Id,
                CreditTypeId    = action.CreditRequest.CreditType.Id
            };
            var json = JsonConvert.SerializeObject(data);

            return(_signatureService.Sign(json, action.Employee.User.Key).Value);
        }
Beispiel #2
0
        public async Task <RegistrationResult> Register(RegistrationRequest request)
        {
            var result = new RegistrationResult {
                Success = false
            };

            if (validation.IsValid(request))
            {
                result.Signature = await signatureService.Sign(request);

                result.Success = true;
            }

            return(result);
        }
Beispiel #3
0
 public async Task <string> Perform(string message)
 {
     return(_signatureService.Sign(message));
 }
Beispiel #4
0
        private bool TrySendKeyBatchToTheGateway(TemporaryExposureKeyGatewayBatchProtoDto protoBatch, SortOrder keySortOrderForSignature)
        {
            var upoadKeysEndpointUrl = _euGatewayConfig.UrlNormalized + EuGatewayContract.Endpoint.KeysUploadEndpoint;
            var batchBytes           = protoBatch.ToByteArray();

            //sign
            var signing       = _signatureService.Sign(protoBatch, keySortOrderForSignature);
            var signingBase64 = _encodingService.EncodeToBase64(signing);
            var body          = new ByteArrayContent(batchBytes);

            var uniqueTag = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();

            body.Headers.Add("batchTag", uniqueTag);
            body.Headers.Add("Content-Type", "application/protobuf;version=1.0");
            body.Headers.Add("batchSignature", signingBase64);

            var response = _gatewayHttpClient.PostAsync(upoadKeysEndpointUrl, body).Result;
            var message  = response.Content.ReadAsStringAsync().Result;
            var code     = response.StatusCode;

            switch (code)
            {
            case System.Net.HttpStatusCode.OK:
                _logger.LogInformation($"Response - OK. Message: {message}");
                var containsHtml = message.Contains("<body>");
                _logger.LogError($"UeGateway response with code 200 with HTML in the response: {containsHtml}. UeGateway Server is down!");
                // Server is down - https://github.com/eu-federation-gateway-service/efgs-federation-gateway/issues/151
                break;

            case System.Net.HttpStatusCode.Created:
                _logger.LogInformation("Keys successfully uploaded.");
                return(true);

            case System.Net.HttpStatusCode.MultiStatus:
                _logger.LogWarning($"Data partially added with warnings: {message}.");
                return(true);

            case System.Net.HttpStatusCode.BadRequest:
                _logger.LogError($"Bad request: {message}");
                break;

            case System.Net.HttpStatusCode.Forbidden:
                _logger.LogError($"Forbidden call in cause of missing or invalid client certificate. Message: {message}");
                break;

            case System.Net.HttpStatusCode.NotAcceptable:
                _logger.LogError($"Data format or content is not valid. Massage:{message}");
                break;

            case System.Net.HttpStatusCode.Conflict:
                _logger.LogError($"Data already exist. Message: {message}");
                break;

            case System.Net.HttpStatusCode.RequestEntityTooLarge:
                _logger.LogError($"Payload to large.  Message: {message}");
                break;

            case System.Net.HttpStatusCode.InternalServerError:
                _logger.LogError($"Are not able to write data. Retry please. Message: {message}");
                break;

            default:
                _logger.LogError($"Response code was not recognized. Status code: {code}, message: {message}");
                break;
            }
            return(false);
        }
        public ResponseDTO <Session> SsoLogin(SsoUserRequestDTO request)
        {
            ResponseDTO <Session> response = new ResponseDTO <Session>();

            // Before anything happens, validate that this request is coming from the known sso server
            if (!_signatureService.isValidSignature(request.GetStringToSign(), request.Signature))
            {
                response.Data  = null;
                response.Error = "My signature: " + _signatureService.Sign(request.GetStringToSign()) + " Compared to: " + request.Signature;
                _loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
                return(response);
            }

            // Protect against replay attacks by checking the timestamp
            if (DateTimeOffset.Now.AddSeconds(5).ToUnixTimeMilliseconds() < request.Timestamp)
            {
                response.Data  = null;
                response.Error = ErrorStrings.OLD_SSO_REQUEST;
                _loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
                return(response);
            }

            // Convert request SsoId into Guid
            Guid ssoId = new Guid(request.SsoUserId);

            // Search for user in database
            ResponseDTO <UserAccountDTO> userAccountResponse = _userManagementService.GetUserBySsoId(ssoId);
            UserAccountDTO userDTO = userAccountResponse.Data;

            // If the user does not exist in the data store, register the user as a standard user
            if (userAccountResponse.Data == null)
            {
                // Verify the email is not null
                if (request.Email == null)
                {
                    response.Data  = null;
                    response.Error = "User email may not be null.";
                    _loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
                    return(response);
                }

                // Create an unassigned user account
                UserAccount user = new UserAccount()
                {
                    SsoId       = ssoId,
                    Username    = request.Email,
                    IsActive    = true,
                    AcceptedTOS = false,
                    RoleType    = Roles.UNASSIGNED
                };
                List <Claim> newClaims = _claimService.GetUserClaims(Roles.UNASSIGNED, request.Email).Data;

                // Add user to datastore
                ResponseDTO <bool> createUserResponse = _userManagementService.CreateUser(user, newClaims);

                // Check if user creation succeded
                if (!createUserResponse.Data)
                {
                    response.Data  = null;
                    response.Error = createUserResponse.Error;
                    _loggerService.LogError(LogConstants.FAIL_LOGIN, request.SsoUserId, "", response.Error, "");
                    return(response);
                }

                // User now exists in database, proceed with login as normal
                userDTO = new UserAccountDTO(user);
            }

            // Create session for user
            ResponseDTO <Session> sessionResponseDTO = _sessionService.CreateSession(userDTO.Id);

            _loggerService.LogAction(LogConstants.ACTION_LOGIN, userDTO.SsoId.ToString(), sessionResponseDTO.Data.SessionId.ToString());

            return(sessionResponseDTO);
        }