internal static async Task DenyAdminDeviceRequests(this IEnterpriseContext context, GetDeviceForAdminApproval[] devices)
{
var rq = new ApproveUserDevicesRequest();
foreach (var device in devices)
{
var deviceRq = new ApproveUserDeviceRequest
{
EnterpriseUserId = device.EnterpriseUserId,
EncryptedDeviceToken = ByteString.CopyFrom(device.EncryptedDeviceToken.Base64UrlDecode()),
DenyApproval = true,
};
rq.DeviceRequests.Add(deviceRq);
if (rq.DeviceRequests.Count == 0)
{
Console.WriteLine("No device to approve/deny");
}
else
{
var rs = await context.Enterprise.Auth
.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", rq);
if (rs.DeviceResponses?.Count > 0)
{
foreach (var approveRs in rs.DeviceResponses)
{
if (!approveRs.Failed)
{
continue;
}
if (context.Enterprise.TryGetUserById(approveRs.EnterpriseUserId, out var user))
{
Console.WriteLine($"Failed to approve {user.Email}: {approveRs.Message}");
}
}
}
context.DeviceForAdminApprovals = null;
}
}
}
internal static async Task ApproveAdminDeviceRequests(this IEnterpriseContext context, GetDeviceForAdminApproval[] devices)
{
var dataKeys = new Dictionary <long, byte[]>();
foreach (var device in devices)
{
if (!dataKeys.ContainsKey(device.EnterpriseUserId))
{
dataKeys[device.EnterpriseUserId] = context.UserDataKeys.TryGetValue(device.EnterpriseUserId, out var dk) ? dk : null;
}
}
var toLoad = dataKeys.Where(x => x.Value == null).Select(x => x.Key).ToArray();
if (toLoad.Any() && context.EnterprisePrivateKey != null)
{
var dataKeyRq = new UserDataKeyRequest();
dataKeyRq.EnterpriseUserId.AddRange(toLoad);
var dataKeyRs = await context.Enterprise.Auth.ExecuteAuthRest <UserDataKeyRequest, EnterpriseUserDataKeys>("enterprise/get_enterprise_user_data_key", dataKeyRq);
foreach (var key in dataKeyRs.Keys)
{
if (key.UserEncryptedDataKey.IsEmpty)
{
continue;
}
try
{
var userDataKey = CryptoUtils.DecryptEc(key.UserEncryptedDataKey.ToByteArray(), context.EnterprisePrivateKey);
context.UserDataKeys[key.EnterpriseUserId] = userDataKey;
dataKeys[key.EnterpriseUserId] = userDataKey;
}
catch (Exception e)
{
Debug.WriteLine($"Data key decrypt error: {e.Message}");
}
}
}
var rq = new ApproveUserDevicesRequest();
foreach (var device in devices)
{
if (!dataKeys.TryGetValue(device.EnterpriseUserId, out var dk))
{
continue;
}
if (string.IsNullOrEmpty(device.DevicePublicKey))
{
continue;
}
var devicePublicKey = CryptoUtils.LoadPublicEcKey(device.DevicePublicKey.Base64UrlDecode());
try
{
var deviceRq = new ApproveUserDeviceRequest
{
EnterpriseUserId = device.EnterpriseUserId,
EncryptedDeviceToken = ByteString.CopyFrom(device.EncryptedDeviceToken.Base64UrlDecode()),
EncryptedDeviceDataKey = ByteString.CopyFrom(CryptoUtils.EncryptEc(dk, devicePublicKey))
};
rq.DeviceRequests.Add(deviceRq);
}
catch (Exception e)
{
Debug.WriteLine(e.Message);
}
}
if (rq.DeviceRequests.Count == 0)
{
Console.WriteLine("No device to approve/deny");
}
else
{
var rs = await
context.Enterprise.Auth.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", rq);
if (rs.DeviceResponses?.Count > 0)
{
foreach (var approveRs in rs.DeviceResponses)
{
if (!approveRs.Failed)
{
continue;
}
if (context.Enterprise.TryGetUserById(approveRs.EnterpriseUserId, out var user))
{
Console.WriteLine($"Failed to approve {user.Email}: {approveRs.Message}");
}
}
}
context.DeviceForAdminApprovals = null;
}
}
public static async Task ExecuteDeviceApprove(IAuthentication auth, IList <string> messages)
{
var keysRq = new EnterpriseDataCommand
{
include = new[] { "devices_request_for_admin_approval" }
};
var rs = await auth.ExecuteAuthCommand <EnterpriseDataCommand, EnterpriseDataResponse>(keysRq);
if ((rs.DeviceRequestForApproval?.Count ?? 0) == 0)
{
return;
}
var userDataKeys = new Dictionary <long, byte[]>();
foreach (var drq in rs.DeviceRequestForApproval)
{
if (!userDataKeys.ContainsKey(drq.EnterpriseUserId))
{
userDataKeys[drq.EnterpriseUserId] = null;
}
}
var dataKeyRq = new UserDataKeyRequest();
dataKeyRq.EnterpriseUserId.AddRange(userDataKeys.Keys);
var dataKeyRs = await auth.ExecuteAuthRest <UserDataKeyRequest, EnterpriseUserDataKeys>("enterprise/get_enterprise_user_data_key", dataKeyRq);
foreach (var key in dataKeyRs.Keys)
{
if (key.UserEncryptedDataKey.IsEmpty)
{
continue;
}
if (key.KeyTypeId != 2)
{
continue;
}
try
{
var userDataKey = CryptoUtils.DecryptEc(key.UserEncryptedDataKey.ToByteArray(), _enterprisePrivateKey);
userDataKeys[key.EnterpriseUserId] = userDataKey;
}
catch (Exception e)
{
messages.Add($"Data key decrypt error: {e.Message}");
}
}
var approveDevicesRq = new ApproveUserDevicesRequest();
foreach (var drq in rs.DeviceRequestForApproval)
{
if (!userDataKeys.ContainsKey(drq.EnterpriseUserId) || userDataKeys[drq.EnterpriseUserId] == null)
{
continue;
}
var dataKey = userDataKeys[drq.EnterpriseUserId];
var devicePublicKey = CryptoUtils.LoadPublicEcKey(drq.DevicePublicKey.Base64UrlDecode());
var encDataKey = CryptoUtils.EncryptEc(dataKey, devicePublicKey);
var approveRq = new ApproveUserDeviceRequest
{
EnterpriseUserId = drq.EnterpriseUserId,
EncryptedDeviceToken = ByteString.CopyFrom(drq.EncryptedDeviceToken.Base64UrlDecode()),
EncryptedDeviceDataKey = ByteString.CopyFrom(encDataKey),
DenyApproval = false,
};
approveDevicesRq.DeviceRequests.Add(approveRq);
}
if (approveDevicesRq.DeviceRequests.Count == 0)
{
return;
}
var approveRs = await auth.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", approveDevicesRq);
foreach (var deviceRs in approveRs.DeviceResponses)
{
var message = $"Approve device for {deviceRs.EnterpriseUserId} {(deviceRs.Failed ? "failed" : "succeeded")}";
Debug.WriteLine(message);
messages.Add(message);
}
}
