Example #1
        /// <summary>
        /// Handles an incoming authentication transition: decodes the ECDH tuple, verifies the
        /// authentication proof, looks up the service-provider registration, checks the eligibility
        /// proofs, and then either continues to the success path or pushes a failure message to the
        /// hub group named after the session key.
        /// </summary>
        /// <param name="transitionAuthentication">The parsed authentication-proofs block to validate.</param>
        /// <remarks>
        /// NOTE(review): <c>OwnershipProof</c> is not examined in this method - confirm it is verified
        /// before this point.
        /// NOTE(review): failure code 1 covers both "authentication proof failed verification" and
        /// "no registration found", although its message mentions only the latter.
        /// </remarks>
        private void ProcessAuthentication(TransitionAuthenticationProofs transitionAuthentication)
        {
            _clientCryptoService.DecodeEcdhTuple(
                transitionAuthentication.EncodedPayload,
                transitionAuthentication.TransactionPublicKey,
                out byte[] bf,
                out byte[] assetId,
                out byte[] issuer,
                out byte[] payload);

            // The session key is taken from the decoded payload before any proof has been checked,
            // and it selects which hub group receives the result.
            // NOTE(review): confirm group membership is tied to the connection that opened the session.
            string sessionKey = payload.ToHexString();

            bool proofVerified = ConfidentialAssetsHelper.VerifySurjectionProof(
                transitionAuthentication.AuthenticationProof,
                transitionAuthentication.AssetCommitment);

            // The registration lookup runs only when the proof verified (short-circuit), so index 0
            // is read only from a proof that passed verification.
            // NOTE(review): presumably verification rejects a proof with no asset commitments - confirm.
            bool registrationFound = proofVerified
                && _dataAccessService.GetServiceProviderRegistrationId(
                    _accountId,
                    transitionAuthentication.AuthenticationProof.AssetCommitments[0],
                    out ulong id);

            if (!registrationFound)
            {
                // The Task returned by SendAsync is not awaited, so a delivery failure goes unobserved.
                _idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushSpAuthorizationFailed", new { Code = 1, Message = "User is not registered" });
                return;
            }

            bool eligibilityVerified = CheckEligibilityProofs(
                transitionAuthentication.AssetCommitment,
                transitionAuthentication.EligibilityProof,
                issuer);

            if (!eligibilityVerified)
            {
                _idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushSpAuthorizationFailed", new { Code = 2, Message = "Eligibility proofs were wrong" });
                return;
            }

            ProceedCorrectAuthentication(transitionAuthentication, sessionKey);
        }
Example #2
        /// <summary>
        /// Completes a successful authentication: records the key image against the session key,
        /// issues an HMAC-SHA256 signed JWT naming the session key with role "spuser", and pushes
        /// the token to the hub group named after the session key.
        /// </summary>
        /// <param name="transitionAuthentication">The validated block; only its key image is read here.</param>
        /// <param name="sessionKey">Hex session key used as the token's name claim and as the hub group name.</param>
        /// <remarks>
        /// NOTE(review): the token is valid for 7 days and the descriptor sets no issuer or audience,
        /// so validators can only check signature and lifetime - confirm that is intended.
        /// NOTE(review): every connection in the <paramref name="sessionKey"/> group receives the
        /// bearer token - confirm who is able to join that group.
        /// </remarks>
        private void ProceedCorrectAuthentication(TransitionAuthenticationProofs transitionAuthentication, string sessionKey)
        {
            byte[] keyImageBytes = transitionAuthentication.KeyImage.Value.ToArray();

            // NOTE(review): unless the map was created with a content-based comparer (not visible
            // here), byte[] keys compare by reference and this freshly copied array would never
            // match an earlier entry, so a repeated key image would not be detected - verify.
            bool alreadyTracked = _keyImageToSessonKeyMap.ContainsKey(keyImageBytes);
            if (!alreadyTracked)
            {
                _keyImageToSessonKeyMap.Add(keyImageBytes, sessionKey);
            }

            // TODO: the remaining logic of a successful authentication goes here.

            // The signing key is the configured secret encoded as ASCII. Encoding.ASCII maps every
            // non-ASCII character to '?', which weakens a secret containing such characters.
            // Changing the encoding changes the key bytes, so it has to be coordinated with
            // whatever validates these tokens.
            // NOTE(review): the secret should be long, random and kept out of source control.
            byte[] signingSecret = Encoding.ASCII.GetBytes(_appConfig.GetString("appSettings:secret"));
            SigningCredentials credentials = new SigningCredentials(
                new SymmetricSecurityKey(signingSecret),
                SecurityAlgorithms.HmacSha256Signature);

            ClaimsIdentity identity = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, sessionKey),
                new Claim(ClaimTypes.Role, "spuser")
            });

            SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
            {
                Subject            = identity,
                Expires            = DateTime.UtcNow.AddDays(7),
                SigningCredentials = credentials
            };

            JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
            string serializedToken = handler.WriteToken(handler.CreateToken(descriptor));

            // The Task returned by SendAsync is not awaited, so a delivery failure goes unobserved.
            _idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushSpAuthorizationSucceeded", new { Token = serializedToken });
        }
Example #3
        /// <summary>
        /// Parses the body of an authentication-proofs block. For version 1 it reads, in order, the
        /// asset commitment, the ECDH tuple, and the ownership, eligibility and authentication
        /// surjection proofs, and returns the part of the body that follows the bytes read.
        /// </summary>
        /// <param name="version">Block format version; only version 1 is handled.</param>
        /// <param name="spanBody">Serialized block body to read from.</param>
        /// <param name="utxoConfidentialBase">Receives the populated <c>TransitionAuthenticationProofs</c> instance.</param>
        /// <returns><paramref name="spanBody"/> sliced past the number of bytes reported as read.</returns>
        /// <exception cref="BlockVersionNotSupportedException">Thrown when <paramref name="version"/> is not 1.</exception>
        protected override Memory<byte> ParseUtxoConfidential(ushort version, Memory<byte> spanBody, out UtxoConfidentialBase utxoConfidentialBase)
        {
            if (version != 1)
            {
                throw new BlockVersionNotSupportedException(version, BlockType);
            }

            int consumed = 0;

            // NOTE(review): this method parses only; no proof is verified here. Length and bounds
            // checks on the serialized fields are presumably done inside the Read* helpers - confirm,
            // since the body may come from an untrusted peer.
            ReadCommitment(ref spanBody, ref consumed, out byte[] commitment);
            ReadEcdhTupleProofs(ref spanBody, ref consumed, out EcdhTupleProofs encodedPayload);
            ReadSurjectionProof(ref spanBody, ref consumed, out SurjectionProof ownership);
            ReadSurjectionProof(ref spanBody, ref consumed, out SurjectionProof eligibility);
            ReadSurjectionProof(ref spanBody, ref consumed, out SurjectionProof authentication);

            utxoConfidentialBase = new TransitionAuthenticationProofs
            {
                AssetCommitment     = commitment,
                EncodedPayload      = encodedPayload,
                OwnershipProof      = ownership,
                EligibilityProof    = eligibility,
                AuthenticationProof = authentication
            };

            // Slice throws ArgumentOutOfRangeException if the reported count exceeds the body length.
            return spanBody.Slice(consumed);
        }