Example #1
0
        private static StatusInfo Extract(ArgsInfo arguments)
        {
            StatusInfo si;

            try
            {
                si = new StatusInfo(
                    new ResultInfo(
                        _serializer.CertificateToSerializable(
                            arguments.CertificateSource,
                            arguments.InputFile,
                            arguments.NodeId)
                        )
                    );
            }
            catch (Exception e)
            {
                si = new StatusInfo(
                    new ErrorInfo(
                        ErrorCodes.CertificateExtractionException,
                        ErrorType.CertificateExtraction,
                        e.Message));
            }

            return(si);
        }
Example #2
0
        public async Task <IHttpActionResult> Command(string command)
        {
            if (!Request.IsAuthorized())
            {
                Log.Fatal("Blocked WebApiHost request from {blockedIp}", Request.GetRemoteIp());
                return(StatusCode(HttpStatusCode.Forbidden));
            }

            var context = new OperationContext(Request);

            try
            {
                Program.WebApiHost.ClientConnected();
                context.SetRawInputParameters(Request.RequestUri.Query, command);

                var inputParameters = await ReadInputParameters(Request, command);

                context.SetInputParameters(inputParameters);

                var validationResult = ValidateParameters(inputParameters);

                if (!validationResult.isParametersOk)
                {
                    return(ErrorResultBadRequest(validationResult.errorReason, context));
                }

                switch (inputParameters.ArgsInfo.Function)
                {
                case ProgramFunction.Sign:
                    var signerResponse = _signer.Sign(
                        inputParameters.ArgsInfo.SigType,
                        inputParameters.ArgsInfo.GostFlavor,
                        inputParameters.ArgsInfo.CertificateThumbprint,
                        inputParameters.DataToSign,
                        inputParameters.ArgsInfo.NodeId,
                        inputParameters.ArgsInfo.IgnoreExpiredCertificate,
                        inputParameters.ArgsInfo.IsAddSigningTime);

                    var binaryData = signerResponse.IsResultBase64Bytes
                                                        ? Convert.FromBase64String(signerResponse.SignedData)
                                                        : Encoding.UTF8.GetBytes(signerResponse.SignedData);

                    context.SetSignerResponse(signerResponse);

                    var streamToReturn = new MemoryStream(binaryData);

                    var returnMessage = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StreamContent(streamToReturn),
                    };

                    SetAdditionalResponseProperties(returnMessage);

                    Log.Debug(
                        "Successfully signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(returnMessage, context));

                case ProgramFunction.Verify:
                    var verifierResponse = _verifier.VerifySignature(
                        inputParameters.ArgsInfo.SigType,
                        nodeId: inputParameters.ArgsInfo.NodeId,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);

                    var verifierRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(verifierResponse))
                    };

                    SetAdditionalResponseProperties(verifierRetrurnMessge);

                    Log.Debug(
                        "Successfully checked signature from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(verifierRetrurnMessge, context));

                case ProgramFunction.Extract:
                    var readCertificate = _certificateProcessor.ReadCertificateFromSignedFile(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId);

                    var serializableCertificate = _certificateSerializer.CertificateToSerializable(readCertificate);

                    var extractedCertificateRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(serializableCertificate))
                    };

                    SetAdditionalResponseProperties(extractedCertificateRetrurnMessge);

                    Log.Debug(
                        "Successfully extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(extractedCertificateRetrurnMessge, context));

                case ProgramFunction.VerifyAndExtract:
                    var verifierResponsePart = _verifier.VerifySignature(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId,
                        isVerifyCertificateChain: inputParameters.ArgsInfo.IsVerifyCertificateChain);

                    var readCertificatePart = _certificateProcessor.ReadCertificateFromSignedFile(
                        inputParameters.ArgsInfo.SigType,
                        signedFileBytes: inputParameters.DataToSign,
                        signatureFileBytes: inputParameters.SignatureFileBytes,
                        nodeId: inputParameters.ArgsInfo.NodeId);

                    var serializableCertificatePart =
                        _certificateSerializer.CertificateToSerializable(readCertificatePart);

                    var combinedResponse = new CombinedResponse()
                    {
                        VerificationResult   = verifierResponsePart,
                        ExtractedCertificate = serializableCertificatePart
                    };

                    if (verifierResponsePart.SigningDateTime.HasValue)
                    {
                        combinedResponse.SignatureInfo = new()
                        {
                            SigningDateTime = verifierResponsePart.SigningDateTime
                        };
                    }

                    var verifyAndExtractRetrurnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(combinedResponse))
                    };

                    SetAdditionalResponseProperties(verifyAndExtractRetrurnMessge);

                    Log.Debug(
                        "Successfully verified and extracted certificate from signed file from ip {requesterIp} with following parameters: [{parameters}]",
                        Request.GetRemoteIp(),
                        context.RawInputParameters);

                    return(SuccessResult(verifyAndExtractRetrurnMessge, context));

                case ProgramFunction.Describe:
                    var readInputCertificate = _certificateProcessor.ReadCertificateFromCertificateFile(inputParameters.CertificateFileBytes);

                    var describedCertificate =
                        _certificateSerializer.CertificateToSerializable(readInputCertificate);

                    var certificateDescribeReturnMessge = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(JsonConvert.SerializeObject(describedCertificate))
                    };

                    Log.Debug(
                        "Successfully described extracted certificate from ip {requesterIp}",
                        Request.GetRemoteIp());

                    return(SuccessResult(certificateDescribeReturnMessge, context));

                default:
                    return(ErrorResultBadRequest($"Command {command} is not supported.", context));
                }
            }
            catch (OperationCanceledException opce)
            {
                Log.Warning("Client disconnected prior to singing completion");
                return(ErrorResultBadRequest(opce, context));
            }
            catch (Exception ex)
            {
                Log.Error(ex, "Error occured during signing process with command: {command}", command);
                return(ErrorResultBadRequest(ex, context));
            }
            finally
            {
                SaveOperationContext(context);
                Program.WebApiHost.ClientDisconnected();
            }
        }