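        /// <summary>
        /// Parses a payment-authorization request XML, persists the authorization and returns
        /// the XML response document built by <see cref="IDTPXmlParser"/>.
        /// </summary>
        /// <param name="xmlData">Request body: an XML document whose SenderVID, SenderInstID,
        /// ReceiverVID, ReferenceNo, TxnAmount and OtherInfo elements carry a "value" attribute.</param>
        /// <returns>The success response echoing the reference number when both sender and receiver
        /// are known users; otherwise the fail response. Malformed XML, a missing element/attribute,
        /// an unparsable amount or a persistence error also yield the fail response.</returns>
        public string GetPaymentAuthorization([FromBody] string xmlData)
        {
            const string responseName = "PaymentAuthorizationResponse";
            // Fixed culture so "." is always the decimal separator regardless of server locale.
            CultureInfo cultures = new CultureInfo("en-US");

            try
            {
                XmlDocument doc = new XmlDocument
                {
                    // The body is untrusted: no external entity / DTD resolution (XXE).
                    XmlResolver = null
                };
                doc.LoadXml(xmlData);

                #region data fetched from xml
                // Throws (-> fail response) when the element or its "value" attribute is absent.
                Func<string, string> valueOf = tag => doc.GetElementsByTagName(tag).Item(0).Attributes["value"].Value;
                string senderVirtualIdString     = valueOf("SenderVID");
                // Required by the message format; not used by this endpoint yet.
                string senderInstitutionIdString = valueOf("SenderInstID");
                string receiverVirtualIdString   = valueOf("ReceiverVID");
                string referenceNumberString     = valueOf("ReferenceNo");
                string amountString              = valueOf("TxnAmount");
                string otherInfo                 = valueOf("OtherInfo");
                #endregion

                double amount = System.Convert.ToDouble(amountString, cultures);

                // One call for the user list instead of two.
                var users = _businessLayer.GetAllIDTPUserEntities();
                IDTPUserEntity sender   = users.FirstOrDefault(x => x.VirtualId == senderVirtualIdString);
                IDTPUserEntity receiver = users.FirstOrDefault(x => x.VirtualId == receiverVirtualIdString);

                if (sender == null || receiver == null)
                {
                    // Unknown party: SenderId/ReceiverId cannot be filled, so nothing is stored.
                    // (Previously this path dereferenced the null entity and the catch-all turned
                    // the NullReferenceException into the same fail response.)
                    return IDTPXmlParser.PrepareFailResponse(responseName);
                }

                // TODO: we will add payment authorization rules validation here
                string response = IDTPXmlParser.PrepareSuccessResponse(responseName, "ReferenceNumber", referenceNumberString);

                // NOTE(review): local time is stored; UtcNow is preferable unless the store is
                // deliberately local-time — confirm.
                DateTime now = DateTime.Now;
                PaymentAuthorization paymentAuthorization = new PaymentAuthorization
                {
                    SenderId    = sender.Id,
                    ReceiverId  = receiver.Id,
                    Amount      = amount,
                    Status      = true,
                    OtherInfo   = otherInfo,
                    CreatedOn   = now,
                    ModifiedOn  = now,
                    EntityState = EntityState.Added
                };
                _businessLayer.AddPaymentAuthorization(paymentAuthorization);
                return response;
            }
            catch (Exception)
            {
                // Every failure maps to the generic fail response; the cause is not logged
                // here because this block has no logger in scope.
                return IDTPXmlParser.PrepareFailResponse(responseName);
            }
        }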
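        /// <summary>
        /// Completes a smart-card payment authorization: validates the certificate sent by the
        /// client, verifies the signed token against the payload stored in the session and, on
        /// success, records a <see cref="PaymentAuthorization"/> and marks the payment authorized.
        /// </summary>
        /// <param name="smartCardAuthorizationResponse">Client-supplied certificate, signed token and algorithm.</param>
        /// <returns><c>{ success: true }</c> when the authorization was stored; <c>{ success: false }</c>
        /// otherwise. No failure reason is disclosed to the client.</returns>
        public async Task <IActionResult> SmartCardDigitalSignatureCallback([FromBody] SmartCardAuthorizationResponse smartCardAuthorizationResponse)
        {
            var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
            if (string.IsNullOrEmpty(sub))
            {
                return Json(new { success = false });
            }

            var user = await _users.FindByIdAsync(sub);
            if (user == null)
            {
                return Json(new { success = false });
            }

            if (smartCardAuthorizationResponse == null
                || string.IsNullOrEmpty(smartCardAuthorizationResponse.Certificate)
                || string.IsNullOrEmpty(smartCardAuthorizationResponse.Token))
            {
                return Json(new { success = false });
            }

            var certificate = CertificateUtilities.GetAndValidateCertificate(smartCardAuthorizationResponse.Certificate, _authContext);
            if (certificate == null)
            {
                return Json(new { success = false });
            }

            // Challenge data written to the session when the authorization was initiated.
            var paymentId = HttpContext.Session.GetString("smartCard.paymentId");
            var payload   = HttpContext.Session.GetString("smartCard.payload");
            if (string.IsNullOrEmpty(paymentId) || string.IsNullOrEmpty(payload))
            {
                // No pending challenge in this session. Previously this fell through to
                // ValidateJWT / First() and surfaced as an exception.
                return Json(new { success = false });
            }

            try
            {
                // Verification is inside the try so a malformed token or an unsupported algorithm
                // produces the JSON failure instead of an unhandled exception (it was outside before).
                // NOTE(review): the algorithm comes from the client response; ValidateJWT should
                // enforce a server-side allow-list — confirm.
                bool verified = JwtUtils.ValidateJWT(
                    certificate,
                    smartCardAuthorizationResponse.Token,
                    smartCardAuthorizationResponse.Algorithm,
                    payload);
                if (!verified)
                {
                    return Json(new { success = false });
                }

                // NOTE(review): the payment is looked up by id only; if Payment has an owner it
                // should also be matched against `user` — confirm against the model.
                var payment = _authContext.Payments.First(x => x.Id == paymentId);
                var paymentAuthorization = new PaymentAuthorization()
                {
                    AuthenticatorData     = smartCardAuthorizationResponse.Certificate,
                    AuthorizationDateTime = DateTime.Now,
                    Payment   = payment,
                    Signature = smartCardAuthorizationResponse.Token,
                    Type      = (int)DeviceType.SMART_CARD
                };
                payment.Status = "authorized";
                _authContext.PaymentAuthorizations.Add(paymentAuthorization);
                _authContext.SaveChanges();
                return Json(new { success = true });
            }
            catch (Exception)
            {
                // Unknown payment or a save failure; the reason is deliberately not returned.
                return Json(new { success = false });
            }
        }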
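        /// <summary>
        /// Completes a FIDO2 payment authorization: verifies the client's assertion against the
        /// options issued earlier in this session and the credential registered for the current
        /// user, then records a <see cref="PaymentAuthorization"/>, marks the payment authorized
        /// and persists the updated signature counter.
        /// </summary>
        /// <param name="clientResponse">Raw assertion response produced by the authenticator.</param>
        /// <returns><c>{ success: true, signature }</c> on success; <c>{ success: false }</c>
        /// (with the library's error message when the assertion itself was rejected) otherwise.</returns>
        public async Task <IActionResult> AssertDigitalSignatureResult([FromBody] AuthenticatorAssertionRawResponse clientResponse)
        {
            var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
            if (string.IsNullOrEmpty(sub))
            {
                return Json(new { success = false });
            }

            var user = await _users.FindByIdAsync(sub);
            if (user == null)
            {
                return Json(new { success = false });
            }

            // A missing or incomplete body was previously a NullReferenceException inside the try.
            if (clientResponse == null || clientResponse.Id == null || clientResponse.Response == null)
            {
                return Json(new { success = false });
            }

            try
            {
                // 1. Challenge data stored in the session when the assertion was requested
                var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
                var paymentId   = HttpContext.Session.GetString("fido2.paymentId");
                if (string.IsNullOrEmpty(jsonOptions) || string.IsNullOrEmpty(paymentId))
                {
                    return Json(new { success = false });
                }
                var options = AssertionOptions.FromJson(jsonOptions);

                // 2. The credential must be registered to the signed-in user, not merely match the id
                // NOTE(review): SequenceEqual inside the query may be evaluated client-side or
                // rejected depending on the EF provider — confirm.
                var creds = _authContext.FidoLogins.FirstOrDefault(x => x.PublicKeyIdBytes.SequenceEqual(clientResponse.Id) && x.UserId == user.Id);
                if (creds == null)
                {
                    return Json(new { success = false });
                }

                // 3. Counter recorded at the last successful assertion; handed to the library
                var storedCounter = creds.SignatureCounter;

                // 4. Callback: does the presented user handle own the credential id?
                IsUserHandleOwnerOfCredentialIdAsync callback = async(args) =>
                {
                    return(_authContext.FidoLogins.FirstOrDefault(x => x.UserHandle.SequenceEqual(args.UserHandle) && x.PublicKeyIdBytes.SequenceEqual(args.CredentialId)) != null);
                };

                // 5. Verify the assertion
                var res = await _lib.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback);
                if (!string.IsNullOrEmpty(res.ErrorMessage))
                {
                    return Json(new { success = false, error = res.ErrorMessage });
                }

                // NOTE(review): the payment is looked up by id only; if Payment has an owner it
                // should also be matched against `user` — confirm against the model.
                var payment   = _authContext.Payments.First(x => x.Id == paymentId);
                var signature = Fido2NetLib.Base64Url.Encode(clientResponse.Response.Signature);

                var paymentAuthorization = new PaymentAuthorization()
                {
                    Payment               = payment,
                    PublicKeyId           = creds.PublicKeyId,
                    Signature             = signature,
                    Type                  = (int)DeviceType.FIDO2,
                    AuthorizationDateTime = DateTime.Now,
                    ClientData            = Fido2NetLib.Base64Url.Encode(clientResponse.Response.ClientDataJson),
                    AuthenticatorData     = Fido2NetLib.Base64Url.Encode(clientResponse.Response.AuthenticatorData)
                };

                _authContext.PaymentAuthorizations.Add(paymentAuthorization);
                payment.Status = "authorized";

                // 6. Persist the new counter together with the authorization
                creds.SignatureCounter = res.Counter;
                _authContext.SaveChanges();

                // 7. Return OK to client
                return Json(new { signature, success = true });
            }
            catch (Exception)
            {
                // Invalid options JSON, unknown payment or a save failure; reason not disclosed.
                return Json(new { success = false });
            }
        }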